12 matches found
CVE-2023-29515
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can ...
EUVD-2023-1179
Malicious code in bioql PyPI...
websudo does not work for space admins in Confluence version 8.5.1
h3. Issue Summary This is reproducible on the Data Center: yes Issue happens only on 8.5.1 and works fine on 8.5.0 h3. Steps to Reproduce 1. Install Confluence Data Center 8.5.1 2. Create a Confluence test user with can use permissions in Global permissions 3. Assign all the space permissions in ...
XWiki App Within Minutes app grants space admin rights that allows cross-site scripting
Impact Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can be exploited by creating an app in App Within Minutes. If the button should be disabled because th...
CVE-2023-29515
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can ...
Design/Logic Flaw
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can ...
CVE-2023-29515 Cross-site scripting (XSS) in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can ...
CVE-2023-29515 Cross-site scripting (XSS) in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can ...
make space admin able to see restricted pages in his own space
This is a request to make space admins able to see the content of restricted pages in their own spaces. Currently only confluence-administrators can do that...
Partial space admin permission/authority
I followed these guidelines, but this is not fine-grained enough. http://confluence.atlassian.com/display/DOC/Global+Permissions+Overview#GlobalPermissionsOverview-confluenceadmin We need to prevent space admins from adding new permissions to their space. We prefer to manage space permission by the...
XSS vulnerability: space name and key not validated nor escaped
Email sent from Igor: quote The problem: The input for space name and key is not being validated properly. I created a JIRA for lacking length validation CONF-8894 and later on I noticed that any characters in the input for space name are allowed. Combine that with another batch of bugs - space...
NPE in SpaceHelper borks page....
If you have a URL for Space admin: http://server.name.com/spaces/listdecorators.action?key=BP2I and you get the space key wrong, then rather than failing gracefully, you end up with a sitemesh decoration of an empty page.... Looking at the code, you can see why: public String getSpaceName retur...