23 matches found

Snyk
added 2026/05/26 7:33 p.m. · 9 views

Directory Traversal

Overview: org.xwiki.platform:xwiki-platform-webjars-api is an XWiki Platform WebJars API. Affected versions of this package are vulnerable to Directory Traversal via the process that handles WebJar extension installation. An attacker can overwrite arbitrary files, including configuration files and...

CVSS: 5.9 · AI score: 6.3 · EPSS: 0.00056
Exploits: 0 · References: 2

OSV
added 2026/05/26 7:33 p.m. · 8 views

GHSA-VGWR-23FQ-PR7G XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin

Impact: A potential path traversal vulnerability allows an attacker who manages to get a malicious WebJar extension installed on the wiki to write arbitrary files. While the consequences could be severe like overriding configuration files and setting the superadmin password, the attack first requir...

CVSS: 5.9 · AI score: 5.9 · EPSS: 0.00056
Exploits: 0 · References: 4

Positive Technologies
added 2026/05/21 12:0 a.m. · 9 views

PT-2026-43465

Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 16.10.17; XWiki versions prior to 17.4.9; XWiki versions prior to 17.10.3; XWiki versions prior to 18.0.0RC1. Description: A path traversal issue allows an attacker to write arbitrary files, which could lead to overriding...

CVSS: 5.9 · AI score: 5.9 · EPSS: 0.00056
Exploits: 0 · References: 6

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-3461

Malicious code in bioql PyPI...

CVSS: 5.4 · AI score: 5.5 · EPSS: 0.00553
Exploits: 1 · References: 5

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2022-4667

Malicious code in bioql PyPI...

CVSS: 5.5 · AI score: 6.3 · EPSS: 0.01905
Exploits: 0 · References: 11

RedhatCVE
added 2025/05/23 1:46 a.m. · 7 views

CVE-2023-29203

XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with uorgsuggest.vm. This issue only concerns hidden users from main...

CVSS: 5.3 · AI score: 6.4 · EPSS: 0.00693
Exploits: 1 · References: 1

CVE
added 2025/04/16 9:38 p.m. · 71 views

CVE-2025-32783

XWiki Platform vulnerability CVE-2025-32783 affects versions 5.0–16.7.1 when Message Stream is enabled and the wiki is configured as closed (Prevent unregistered users to view pages). A message sent in a subwiki to "everyone" is exposed to the main wiki via the Dashboard, even if the subwiki is p...

CVSS: 4.7 · AI score: 4.6 · EPSS: 0.00268
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2025/03/19 8:3 p.m. · 9 views

GHSA-GQ32-758C-3WM3 XWiki uses the wrong wiki reference in AuthorizationManager

Impact: It's possible for a user to get access to private information through the REST API - but could also be through another API - when a sub wiki is using "Prevent unregistered users to view pages". The vulnerability only affects subwikis, and it only concerns specific right options such as...

CVSS: 8.7 · AI score: 6 · EPSS: 0.00371
Exploits: 0 · References: 5

GitHub Security Blog
added 2025/03/19 8:3 p.m. · 13 views

XWiki uses the wrong wiki reference in AuthorizationManager

Impact: It's possible for a user to get access to private information through the REST API - but could also be through another API - when a sub wiki is using "Prevent unregistered users to view pages". The vulnerability only affects subwikis, and it only concerns specific right options such as...

CVSS: 8.7 · AI score: 6.3 · EPSS: 0.00371
Exploits: 0 · References: 5 · Affected Software: 1

NVD
added 2025/03/19 6:15 p.m. · 11 views

CVE-2025-29924

XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, it's possible for a user to get access to private information through the REST API - but could also be through another API - when a sub wiki is using "Prevent unregistered users to view pages". The...

CVSS: 8.7 · EPSS: 0.00371
Exploits: 0 · References: 3

Vulnrichment
added 2025/03/19 5:31 p.m. · 20 views

CVE-2025-29924 XWiki uses the wrong wiki reference in AuthorizationManager

XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, it's possible for a user to get access to private information through the REST API - but could also be through another API - when a sub wiki is using "Prevent unregistered users to view pages". The...

CVSS: 8.7 · AI score: 6.2 · EPSS: 0.00371
Exploits: 0 · References: 3

Positive Technologies
added 2025/03/19 12:0 a.m. · 5 views

PT-2025-11970 · Unknown · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 15.10.14; XWiki Platform versions prior to 16.4.6; XWiki Platform versions prior to 16.10.0-rc-1. Description: The issue allows a user to access private information through the REST API when a sub wiki is using...

CVSS: 8.7 · AI score: 6 · EPSS: 0.00371
Exploits: 0 · References: 16

OSV
added 2024/12/12 7:21 p.m. · 13 views

GHSA-CWQ6-MJMX-47P6 XWiki's scheduler in subwiki allows scheduling operations for any main wiki user

Impact: Any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document Scheduler.WebHome in a subwiki. Then, click on any operation e.g., Trigger on any job. If the operation is successful...

CVSS: 5.4 · AI score: 5.3 · EPSS: 0.00553
Exploits: 1 · References: 5

GitHub Security Blog
added 2024/12/12 7:21 p.m. · 17 views

XWiki's scheduler in subwiki allows scheduling operations for any main wiki user

Impact: Any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document Scheduler.WebHome in a subwiki. Then, click on any operation e.g., Trigger on any job. If the operation is successful...

CVSS: 5.4 · AI score: 6.7 · EPSS: 0.00553
Exploits: 1 · References: 5 · Affected Software: 1

Cvelist
added 2024/12/12 6:59 p.m. · 19 views

CVE-2024-55876 XWiki's scheduler in subwiki allows scheduling operations for any main wiki user

XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document...

CVSS: 5.4 · EPSS: 0.00553
Exploits: 1 · References: 3

CVE
added 2024/12/12 6:59 p.m. · 76 views

CVE-2024-55876

CVE-2024-55876 affects XWiki Platform. Versions 1.2-milestone-2 through 16.3.0 are vulnerable: any account on the master wiki could execute scheduling operations on subwikis by interacting with Scheduler.WebHome and triggering a job, indicating an insufficient authorization boundary between main ...

CVSS: 5.4 · AI score: 5.5 · EPSS: 0.00553
Exploits: 1 · References: 3 · Affected Software: 1

Vulnrichment
added 2024/12/12 6:59 p.m. · 10 views

CVE-2024-55876 XWiki's scheduler in subwiki allows scheduling operations for any main wiki user

XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document...

CVSS: 5.4 · AI score: 6.8 · EPSS: 0.00553
Exploits: 1 · References: 3

Vulnrichment
added 2023/04/15 3:17 p.m. · 10 views

CVE-2023-29203 Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm

XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with uorgsuggest.vm. This issue only concerns hidden users from main...

CVSS: 3.7 · AI score: 5.2 · EPSS: 0.00693
Exploits: 1 · References: 3

OSV
added 2023/04/15 3:17 p.m. · 28 views

CVE-2023-29203 Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm

XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with uorgsuggest.vm. This issue only concerns hidden users from main...

CVSS: 3.7 · AI score: 5.3 · EPSS: 0.00693
Exploits: 1 · References: 5

Cvelist
added 2023/04/15 3:17 p.m. · 31 views

CVE-2023-29203 Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm

XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with uorgsuggest.vm. This issue only concerns hidden users from main...

CVSS: 3.7 · AI score: 5.4 · EPSS: 0.00693
Exploits: 1 · References: 3