5 matches found
The vulnerability of the “Delegate my view right” function in the PDF viewer macro of the XWiki PDF Viewer Macro (Pro) allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the “Delegate my view right” function in the PDF viewer macro of XWiki PDF Viewer Macro Pro relates to the display of confidential information in the source code comments. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access t...
CVE-2024-52298 macro-pdfviewer's preview in WYSIWYG editor allows accessing any PDF document as the last author
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs...
PT-2024-8489 · Mozilla · Pdf.Js
Name of the Vulnerable Software and Affected Versions: macro-pdfviewer versions prior to 2.5.6 Description: The macro-pdfviewer, a PDF Viewer Macro for XWiki using Mozilla pdf.js, has a vulnerability that allows an attacker to view any attachment using the "Delegate my view right" feature. This c...
GHSA-MJW9-3F9F-JQ2W XWiki Platform vulnerable to code injection from view right on XWiki.ClassSheet
Impact Any user with view rights can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous...
XWiki Platform 注入漏洞
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company XWiki. An injection vulnerability exists in XWiki Platform, which stems from an improperly escaped Macro.VFSTreeMacro, which allows any user with view privileges to execute arbitrary...