
5 matches found

Snyk
added 2026/05/26 7:33 p.m. | 6 views

Directory Traversal

Overview: org.xwiki.platform:xwiki-platform-webjars-api is a XWiki Platform WebJars API. Affected versions of this package are vulnerable to Directory Traversal via the process that handles WebJar extension installation. An attacker can overwrite arbitrary files, including configuration files and...

CVSS 5.9 | AI score 6.3
Exploits: 0 | References: 2
OSV
added 2025/03/19 8:3 p.m. | 7 views

GHSA-GQ32-758C-3WM3 XWiki uses the wrong wiki reference in AuthorizationManager

Impact: It's possible for a user to get access to private information through the REST API - but could also be through another API - when a sub wiki is using "Prevent unregistered users to view pages". The vulnerability only affects subwikis, and it only concerns specific right options such as...

CVSS 8.7 | AI score 6 | EPSS 0.0034
Exploits: 0 | References: 5
OSV
added 2023/04/15 3:17 p.m. | 13 views

CVE-2023-29203 Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm

XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with uorgsuggest.vm. This issue only concerns hidden users from main...

CVSS 3.7 | AI score 5.3 | EPSS 0.00104
Exploits: 1 | References: 5
Cvelist
added 2023/04/15 3:17 p.m. | 15 views

CVE-2023-29203 Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm

XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with uorgsuggest.vm. This issue only concerns hidden users from main...

CVSS 3.7 | AI score 5.4 | EPSS 0.00104
Exploits: 1 | References: 3
Cvelist
added 2014/11/24 11:0 a.m. | 15 views

CVE-2014-7837

mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a different subwiki...

AI score 6 | EPSS 0.00606
Exploits: 0 | References: 4