3 matches found
CVE-2023-29515
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can ...
EUVD-2023-1179
Malicious code in bioql PyPI...
XWiki App Within Minutes app grants space admin rights that allows cross-site scripting
Impact Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can be exploited by creating an app in App Within Minutes. If the button should be disabled because th...