PT-2025-11970 · Unknown · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 15.10.14 XWiki Platform versions prior to 16.4.6 XWiki Platform versions prior to 16.10.0-rc-1 Description: The issue allows an user to access private information through the REST API when a sub wiki is using...

CVE-2024-55876 XWiki's scheduler in subwiki allows scheduling operations for any main wiki user

XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document...

CVE-2023-29203 Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm

XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with uorgsuggest.vm. This issue only concerns hidden users from main...