RedhatCVE • added 2025/05/23 4:37 a.m. • 11 views

CVE-2023-35158

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It's possible to exploit the restore template to perform an XSS, e.g. by using a URL such as:...

CVSS 9.6 • AI score 6.7 • EPSS 0.09548
Exploits 0 • References 1

Prion • added 2023/06/23 7:15 p.m. • 21 views

Code injection

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It's possible to exploit the delete template to perform an XSS, e.g. by using a URL such as:...

CVSS 5.8 • AI score 6 • EPSS 0.10311
Exploits 0 • References 7 • Affected Software 1

CVE • added 2023/06/23 6:48 p.m. • 90 views

CVE-2023-35160

XWiki Platform (2.5-milestone-2 and earlier) is affected by a reflected cross-site scripting (XSS) vulnerability in the resubmit template, exploitable via crafted URLs using back and xcontinue parameters (e.g., xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(docum...

CVSS 9.6 • AI score 7.6 • EPSS 0.12069
Exploits 0 • References 4 • Affected Software 1

Github Security Blog • added 2022/05/17 2:46 a.m. • 12 views

Craft CMS subject to URL forgery

Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message...

CVSS 5.3 • AI score 6.8 • EPSS 0.00284
Exploits 0 • References 5 • Affected Software 1

OSV • added 2022/05/17 2:46 a.m. • 16 views

GHSA-J27G-R58Q-624W Craft CMS subject to URL forgery

Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message...

CVSS 5.3 • AI score 5.2 • EPSS 0.00284
Exploits 0 • References 5

Github Security Blog • added 2021/07/02 7:19 p.m. • 90 views

No CSRF protection on the password change form

Impact: It's possible to forge a URL that, when accessed by an admin, will reset the password of any user in XWiki. Patches: The problem has been patched in XWiki 12.10.5 and 13.2RC1. Workarounds: It's possible to apply the patch manually by modifying the registermacros.vm template like in...

CVSS 5.7 • EPSS 0.0017
Exploits 1 • References 5 • Affected Software 1

CVE • added 2019/06/21 2:53 p.m. • 309 views

CVE-2019-12836

CVE-2019-12836 affects Bobronix JEditor editor for Jira (JEditor) prior to version 3.0.6. The vulnerability is a cross-site request forgery (CSRF) in which an attacker can induce an authenticated user to follow a link that causes a forged request to an out-of-origin domain, enabling theft of sess...

CVSS 8.8 • AI score 8.5 • EPSS 0.05366
Exploits 2 • References 2 • Affected Software 1

Mageia • added 2015/03/27 9:12 p.m. • 45 views

Updated drupal packages fix security vulnerabilities

Password reset URLs can be forged under certain circumstances, allowing an attacker to gain access to another user's account without knowing the account's password (CVE-2015-2559). Under certain circumstances, malicious users can construct a URL that will trick users into being redirected to a 3rd...

CVSS 6.1 • AI score 7.2 • EPSS 0.00686
Exploits 0 • References 6