3 matches found
CVE-2025-49586
XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes application the default for all users XWiki can obtain programming right/perform remote code execution by editing the application. This vulnerability has been fixed in XWiki 17.0.0,...
XWiki allows remote code execution through default value of wiki macro wiki-type parameters
Impact Any user with edit right on a page could be the user's profile can execute code Groovy, Python, Velocity with programming right by defining a wiki macro. This allows full access to the whole XWiki installation and thus impacts its confidentiality, integrity and availability. The main probl...
SharpGPOAbuse - Tool To Take Advantage Of A User'S Edit Rights On A Group Policy Object (GPO) In Order To Compromise The Objects That Are Controlled By That GPO
SharpGPOAbuse is a .NET application written in C that can be used to take advantage of a user's edit rights on a Group Policy Object GPO in order to compromise the objects that are controlled by that GPO. More details can be found at the following blog post:...