Lucene search
K

4 matches found

NVD
NVD
added 2023/06/23 7:15 p.m.48 views

CVE-2023-35159

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as:...

9.6CVSS9.3AI score0.02182EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/06/23 6:26 p.m.13 views

CVE-2023-35158 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.7AI score0.02048EPSS
Exploits0References4
OSV
OSV
added 2023/06/23 6:26 p.m.27 views

CVE-2023-35158 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.2AI score0.02048EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2023/06/21 12:0 a.m.16 views

XWiki 8.1-milestone-1 < 14.10.5, 15.x < 15.1 Privilege Escalation Vulnerability (GHSA-h7cw-44vp-jq7h)

Xwiki is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescripti...

9.9CVSS7.3AI score0.6312EPSS
Exploits1References1
Rows per page
Query Builder