16 matches found
XWiki < 4.10.15 - Information Disclosure
The Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki but not some protected...
CVE-2024-31984
XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the Solr-based search in XWiki. This allows any user who can edi...
CVE-2024-31984
XWiki Platform contains a remote code execution (RCE) vulnerability in the Solr-based search when a document title is crafted in a specific way. Affected versions include 7.2-rc-1 through prior to 4.10.20, 15.5.4, and 15.10-rc-1. Successful exploitation allows an attacker who can edit a space tit...
CVE-2024-31984 XWiki Platform: Remote code execution through space title and Solr space facet
XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the Solr-based search in XWiki. This allows any user who can edi...
XWiki 6.3 < 14.10.15, 15.x < 15.5.1 Information Disclosure Vulnerability (GHSA-7fqr-97j7-jgf4)
XWiki is prone to an information disclosure vulnerability...
CVE-2023-50720
XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email using XWiki's...
Default credentials
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are...
CVE-2023-50719
XWiki Platform’s Solr-based search discloses password hashes (and potentially API keys stored as passwords) of all users to anyone with view rights on the user profile. Affected versions are 7.2-milestone-2 through prior to 14.10.15, 15.5.2, and 15.7-rc-1. By default, user profiles are public, en...
CVE-2023-50719 XWiki Platform Solr search discloses password hashes of all users
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are...
CVE-2023-50720 XWiki Platform Solr search discloses email addresses of users
XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email using XWiki's...
CVE-2023-50720
Summary: CVE-2023-50720 affects XWiki Platform. The Solr-based search may disclose user email addresses even when obfuscation is enabled, prior to fixed versions. Affected versions (before fix): XWiki < 14.10.15, < 15.5.2, and
XWiki Platform Information Disclosure Vulnerability
XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating Web collaboration applications. An information disclosure vulnerability exists in XWiki Platform, which stems from a Solr-based search in XWiki disclosing a user's e-mail address even if e-mail address obfuscation is...
Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service
Impact: The Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki but not some...
GHSA-7FQR-97J7-JGF4 Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service
Impact: The Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki but not some...
CVE-2023-48241 XWiki exposed whole content of all documents of all wikis to anybody with view right on Solr suggest service
XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 14.10.15, 15.5.1, and 15.6RC1, the Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wiki...
PT-2023-8597 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 6.3-milestone-2 through 14.10.14; XWiki Platform versions 15.5.0 through 15.5.0; XWiki Platform versions 15.6RC0. Description: The Solr-based search suggestion provider in XWiki Platform exposes the content of all documen...