19 matches found
EUVD-2025-13301
Malicious code in bioql PyPI...
EUVD-2025-6756
Malicious code in bioql PyPI...
CVE-2025-47201
In Intrexx Portal Server before 12.0.4, multiple Velocity-Scripts are susceptible to the execution of unrequested JavaScript code in HTML, aka XSS...
CVE-2025-47201
In Intrexx Portal Server before 12.0.4, multiple Velocity-Scripts are susceptible to the execution of unrequested JavaScript code in HTML, aka XSS...
CVE-2025-47201
In Intrexx Portal Server before 12.0.4, multiple Velocity-Scripts are susceptible to the execution of unrequested JavaScript code in HTML, aka XSS...
CVE-2025-47201
In Intrexx Portal Server before 12.0.4, multiple Velocity-Scripts are susceptible to the execution of unrequested JavaScript code in HTML, aka XSS...
CVE-2025-47201
CVE-2025-47201 affects Intrexx Portal Server prior to 12.0.4. The issue stems from multiple Velocity-Scripts that may execute unrequested JavaScript in HTML, enabling a cross-site scripting (XSS) condition. Exploitation details are not provided in the documents. Remediation: update to version 12....
Intrexx Portal Server Security Vulnerability
Intrexx Portal Server is a cross-platform development environment from Intrexx Corporation. A security vulnerability exists in Intrexx Portal Server versions prior to 12.0.4 that stems from multiple Velocity-Scripts that may execute unsolicited JavaScript code, potentially leading to a cross-site...
CVE-2025-47201
In Intrexx Portal Server before 12.0.4, multiple Velocity-Scripts are susceptible to the execution of unrequested JavaScript code in HTML, aka XSS...
CVE-2025-30092
Intrexx Portal Server 12.x <= 12.0.2 and 11.x <= 11.9.2 allows XSS in multiple Velocity scripts...
CVE-2025-30092
Intrexx Portal Server 12.x <= 12.0.2 and 11.x <= 11.9.2 allows XSS in multiple Velocity scripts...
CVE-2025-30092
Intrexx Portal Server 12.x <= 12.0.2 and 11.x <= 11.9.2 allows XSS in multiple Velocity scripts...
CVE-2025-30092
CVE-2025-30092 affects Intrexx Portal Server versions 12.x up to 12.0.2 and 11.x up to 11.9.2, with a stored/reflected cross-site scripting (XSS) vulnerability in multiple Velocity scripts. The CVE entry lists a CVSSv3.1 base score of 6.1 (Medium) with network access and user interaction required...
Intrexx Portal Server Security Vulnerability
Intrexx Portal Server is a cross-platform development environment from Intrexx Corporation. A security vulnerability exists in Intrexx Portal Server versions 12.0.2 and earlier and 11.9.2 and earlier that stems from a cross-site scripting issue with multiple Velocity scripts...
CVE-2023-50732 Velocity execution without script right through tree macro
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1...
XWiki Platform Security Vulnerability
XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating collaborative Web applications. A security vulnerability exists in XWiki Platform that stems from the ability to execute Velocity scripts without script right directly through the document tree...
CVE-2022-24897 Arbitrary filesystem write access from Velocity
APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem...
XWiki Commons Path Traversal Vulnerability
XWiki Commons is a technology library shared by several other top XWiki projects. XWiki Commons suffers from a security vulnerability that stems from velocity scripts not being properly sandboxed to perform read or write operations to the file system using the Java File API...
PT-2022-16966 · Xwiki · Xwiki
Name of the Vulnerable Software and Affected Versions: XWiki versions 2.3 through 12.6.6; XWiki versions 12.7.0 through 12.10.2; XWiki versions 13.0.0 through 13.0.0 before 13.0RC1. Description: The velocity scripts are not properly sandboxed against using the Java File API to perform read or write...