4 matches found
EUVD-2022-7387
Malicious code in bioql PyPI...
CVE-2022-41927
XWiki Platform is vulnerable to Cross-Site Request Forgery CSRF that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the pag...
CVE-2022-41927 XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags
XWiki Platform is vulnerable to Cross-Site Request Forgery CSRF that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the pag...
GHSA-MQ7H-5574-HW9F Cross-Site Request Forgery (CSRF) allowing to delete or rename tags
Impact It's possible with a simple request to perform deletion or renaming of tags without needing any confirmation, by using a CSRF attack. Patches The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds It's possible to patch existing instances directly by editing the pag...