4 matches found
EUVD-2024-2140
Malicious code in bioql PyPI...
CVE-2024-38369
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using include reference="targetdocument"/ is executed with the right of the includer and not with the right of its author. This means that any user able to...
GHSA-663W-2XP3-5739 org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability
Impact The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute names. This can be exploited, e.g., via the link syntax in any content that supports XWiki syntax like commen...
Cross site scripting
org.xwiki.commons:xwiki-commons-xml is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect...