Lucene search
+L

5 matches found

BDU FSTEC
BDU FSTEC
added 2024/11/21 12:0 a.m.8 views

The vulnerability of the “Delegate my view right” function in the PDF viewer macro of the XWiki PDF Viewer Macro (Pro) allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the “Delegate my view right” function in the PDF viewer macro of XWiki PDF Viewer Macro Pro relates to the display of confidential information in the source code comments. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access t...

7.8CVSS5.5AI score0.0066EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/11/13 3:42 p.m.17 views

CVE-2024-52298 macro-pdfviewer's preview in WYSIWYG editor allows accessing any PDF document as the last author

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs...

7.5CVSS6.5AI score0.0066EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.4 views

PT-2024-8489 · Mozilla · Pdf.Js

Name of the Vulnerable Software and Affected Versions: macro-pdfviewer versions prior to 2.5.6 Description: The macro-pdfviewer, a PDF Viewer Macro for XWiki using Mozilla pdf.js, has a vulnerability that allows an attacker to view any attachment using the "Delegate my view right" feature. This c...

7.8CVSS7.1AI score0.0066EPSS
Exploits1References9
OSV
OSV
added 2023/04/20 10:15 p.m.19 views

GHSA-MJW9-3F9F-JQ2W XWiki Platform vulnerable to code injection from view right on XWiki.ClassSheet

Impact Any user with view rights can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous...

8.8CVSS9.5AI score0.01864EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/04/18 12:0 a.m.6 views

XWiki Platform 注入漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company XWiki. An injection vulnerability exists in XWiki Platform, which stems from an improperly escaped Macro.VFSTreeMacro, which allows any user with view privileges to execute arbitrary...

8.8CVSS8.3AI score0.01131EPSS
Exploits1References5
Rows per page
Query Builder