9 matches found
CVE-2023-45134
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. org.xwiki.platform:xwiki-platform-web starting in version 3.1-milestone-1 and prior to 13.4-rc-1, org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.2 and 15.5-rc-1, and...
XWiki Platform XSS vulnerability from account in the create page form via template provider
Impact An attacker can create a template provider on any document that is part of the wiki could be the attacker's user profile that contains malicious code. This code is executed when this template provider is selected during document creation which can be triggered by sending the user to a URL...
GHSA-GR82-8FJ2-GGC3 XWiki Platform XSS vulnerability from account in the create page form via template provider
Impact An attacker can create a template provider on any document that is part of the wiki could be the attacker's user profile that contains malicious code. This code is executed when this template provider is selected during document creation which can be triggered by sending the user to a URL...
Cross site scripting
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. org.xwiki.platform:xwiki-platform-web starting in version 3.1-milestone-1 and prior to 13.4-rc-1, org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.2 and 15.5-rc-1, and...
CVE-2023-45134 XWiki Platform XSS vulnerability from account in the create page form via template provider
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. org.xwiki.platform:xwiki-platform-web starting in version 3.1-milestone-1 and prior to 13.4-rc-1, org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.2 and 15.5-rc-1, and...
CVE-2023-45134 XWiki Platform XSS vulnerability from account in the create page form via template provider
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. org.xwiki.platform:xwiki-platform-web starting in version 3.1-milestone-1 and prior to 13.4-rc-1, org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.2 and 15.5-rc-1, and...
PT-2023-29430 · Xwiki · Xwiki Platform +2
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.1-milestone-1 through 13.4-rc-1 org.xwiki.platform:xwiki-platform-web-templates versions prior to 14.10.2 and 15.5-rc-1 org.xwiki.platform:xwiki-web-standard versions 2.4-milestone-2 through 3.1-milestone-1...
XWiki vulnerable to Code Injection in template provider administration
Impact Any user with edit rights on any document e.g., the own user profile can execute code with programming rights, leading to remote code execution by following these steps: 1. Set the title of any document you can edit can be the user profile to async async="true" cached="false"...
GHSA-9J36-3CP4-RH4J XWiki vulnerable to Code Injection in template provider administration
Impact Any user with edit rights on any document e.g., the own user profile can execute code with programming rights, leading to remote code execution by following these steps: 1. Set the title of any document you can edit can be the user profile to async async="true" cached="false"...