23 matches found
EUVD-2023-33964
Malicious code in bioql PyPI...
CVE-2024-56435
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality...
PT-2025-3280 · Unknown · Uiextension
Name of the Vulnerable Software and Affected Versions: UIExtension module affected versions not specified Description: The issue concerns a cross-process screen stack vulnerability in the UIExtension module. Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2024-54119
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2024-54117
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality...
PT-2024-36052 · Unknown · Uiextension
Name of the Vulnerable Software and Affected Versions: UIExtension module affected versions not specified Description: The issue is related to a cross-process screen stack vulnerability in the UIExtension module. Successful exploitation of this vulnerability may affect service confidentiality...
Malicious code in custom-ui-extension-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dab5118124877f1b10d3a788f122b5860bb073bbb94ce2f89305ab74521ade9c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10259 Malicious code in custom-ui-extension-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dab5118124877f1b10d3a788f122b5860bb073bbb94ce2f89305ab74521ade9c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
XWiki Platform Security Vulnerability
XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform, which stems from a UI extension whose parameters are always interpreted as Velocity code and executed with programmatic privileges. This...
XWiki Platform Security Vulnerability
XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating collaborative Web applications. A security vulnerability exists in XWiki Platform that stems from a failure of the search management interface to properly escape the id and label of a search user interface extension,...
CVE-2023-35166
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...
Design/Logic Flaw
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...
CVE-2023-35166 Privilege escalation (PR) from account through TipsPanel
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...
CVE-2023-35166 Privilege escalation (PR) from account through TipsPanel
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...
PT-2023-25177 · Unknown · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.5 XWiki Platform versions prior to 15.1-rc-1 Description: The issue allows execution of any wiki content with the rights of the TipsPanel author by creating a tip UI extension. This can be achieved by...
CVE-2023-2480
Missing access permissions checks in M-Files Client before 23.5.12598.0 excluding 23.2 SR2 and newer allows elevation of privilege via UI extension applications...
Privilege escalation
Missing access permissions checks in M-Files Client before 23.5.12598.0 excluding 23.2 SR2 and newer allows elevation of privilege via UI extension applications...
CVE-2023-2480 Elevation of Privilege in M-Files Desktop Client
Missing access permissions checks in M-Files Client before 23.5.12598.0 excluding 23.2 SR2 and newer allows elevation of privilege via UI extension applications...
CVE-2023-2480 Elevation of Privilege in M-Files Desktop Client
Missing access permissions checks in M-Files Client before 23.5.12598.0 excluding 23.2 SR2 and newer allows elevation of privilege via UI extension applications...
PT-2023-19787 · M Files · M-Files Client
Name of the Vulnerable Software and Affected Versions: M-Files Client versions prior to 23.5.12598.0 Description: The issue is related to missing access permissions checks in the M-Files Client, which allows elevation of privilege via UI extension applications. Recommendations: For versions prior...