
22 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-45836

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.5 | EPSS 0.0066
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-28186

Malicious code in bioql PyPI...

CVSS 7.7 | AI score 6.6 | EPSS 0.00548
Exploits: 0 | References: 2

RedhatCVE
added 2025/02/05 12:22 p.m. | 13 views

CVE-2024-52299

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the "key" that is passed to prevent this is computed incorrectly, calling skip on the digest stream doesn't update the digest...

CVSS 7.5 | AI score 6.4 | EPSS 0.00516
Exploits: 0 | References: 1

BDU FSTEC
added 2024/11/21 12:0 a.m. | 3 views

The vulnerability of the “Delegate my view right” function in the PDF viewer macro of the XWiki PDF Viewer Macro (Pro) allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the “Delegate my view right” function in the PDF viewer macro of XWiki PDF Viewer Macro Pro relates to the display of confidential information in the source code comments. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access t...

CVSS 7.8 | AI score 5.5 | EPSS 0.0066
Exploits: 1 | References: 4 | Affected Software: 1

BDU FSTEC
added 2024/11/21 12:0 a.m. | 3 views

The vulnerability of the PDF document viewing tool within the XWiki PDF Viewer Macro (Pro) allows attackers to perform cross-site scripting attacks by exploiting a lack of protection for the structure of web pages.

The vulnerability of the PDF document viewing tool within the XWiki PDF Viewer Macro Pro is related to the lack of measures taken to protect the structure of the web page during the processing of the width parameter. Exploiting this vulnerability allows a malicious actor to perform cross-site...

CVSS 9 | AI score 5.2 | EPSS 0.00418
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2024/11/13 4:15 p.m. | 43 views

CVE-2024-52298

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs...

CVSS 7.5 | EPSS 0.0066
Exploits: 1 | References: 1

Cvelist
added 2024/11/13 3:42 p.m. | 42 views

CVE-2024-52298 macro-pdfviewer's preview in WYSIWYG editor allows accessing any PDF document as the last author

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs...

CVSS 7.5 | EPSS 0.0066
Exploits: 1 | References: 1

CVE
added 2024/11/13 3:42 p.m. | 49 views

CVE-2024-52298

The CVE-2024-52298 issue affects the macro-pdfviewer (XWiki) that uses Mozilla pdf.js. An attacker can view any attachment by exploiting the Delegate my view right privilege if they can access a page whose last author has permission to the attachment. The attacker needs only a reference to a PDF ...

CVSS 7.5 | AI score 7.4 | EPSS 0.0066
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2024/11/13 3:42 p.m. | 15 views

CVE-2024-52298 macro-pdfviewer's preview in WYSIWYG editor allows accessing any PDF document as the last author

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs...

CVSS 7.5 | AI score 6.5 | EPSS 0.0066
Exploits: 1 | References: 3

OSV
added 2024/11/13 3:29 p.m. | 18 views

CVE-2024-52299 The PDF viewer macro allows accessing any attachment without access right checks

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the "key" that is passed to prevent this is computed incorrectly, calling skip on the digest stream doesn't update the digest...

CVSS 7.5 | AI score 6.6 | EPSS 0.00516
Exploits: 0 | References: 3

CVE
added 2024/11/13 3:24 p.m. | 40 views

CVE-2024-52300

The CVE-2024-52300 issue affects the XWiki macro-pdfviewer (PDF Viewer Macro) that uses Mozilla pdf.js. The width parameter is not properly escaped, enabling cross-site scripting (XSS) when an admin can edit a page, potentially impacting confidentiality, integrity, and availability of the entire ...

CVSS 9 | AI score 8.8 | EPSS 0.00418
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/11/13 3:24 p.m. | 12 views

CVE-2024-52300 macro-pdfviewer has a XSS through the width parameter

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin...

CVSS 9 | EPSS 0.00418
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/13 3:24 p.m. | 10 views

CVE-2024-52300 macro-pdfviewer has a XSS through the width parameter

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin...

CVSS 9 | AI score 6.1 | EPSS 0.00418
Exploits: 0 | References: 1

OSV
added 2024/11/13 3:24 p.m. | 11 views

CVE-2024-52300 macro-pdfviewer has a XSS through the width parameter

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin...

CVSS 9 | AI score 6.2 | EPSS 0.00418
Exploits: 0 | References: 3

CNNVD
added 2024/11/13 12:0 a.m. | 2 views

PDF Viewer Macro security vulnerability

PDF Viewer Macro is an open source macro for XWiki SAS. It allows viewing PDF files attached to XWiki pages from within the XWiki page. A security vulnerability exists in PDF Viewer Macro prior to version 2.5.6, which stems from the width parameter of the PDF Viewer Macro not being properly...

CVSS 9 | AI score 6 | EPSS 0.00418
Exploits: 0 | References: 2

CNNVD
added 2024/11/13 12:0 a.m. | 3 views

PDF Viewer Macro security vulnerability

PDF Viewer Macro is an open source macro for XWiki SAS. It allows viewing PDF files attached to XWiki pages from within the XWiki page. A security vulnerability exists in PDF Viewer Macro prior to version 2.5.6, which stems from the fact that any user with viewing privileges to...

CVSS 7.5 | AI score 6.5 | EPSS 0.00516
Exploits: 0 | References: 2

CNNVD
added 2024/11/13 12:0 a.m. | 3 views

PDF Viewer Macro security vulnerability

PDF Viewer Macro is an open source macro for XWiki SAS. It allows viewing PDF files attached to XWiki pages from within the XWiki page. A security vulnerability exists in PDF Viewer Macro prior to version 2.5.6, which stems from a PDF Viewer Macro that allows an attacker to view any attachment...

CVSS 7.5 | AI score 6.5 | EPSS 0.0066
Exploits: 1 | References: 2

Vulnrichment
added 2024/04/04 4:51 p.m. | 10 views

CVE-2024-30263 The PDF Viewer macro can be used to view PDF attachments with restricted access

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the file parameter. Users with view rights can access restricted PDF attachments if the...

CVSS 7.7 | AI score 7.6 | EPSS 0.00548
Exploits: 0 | References: 2

Cvelist
added 2024/04/04 4:51 p.m. | 19 views

CVE-2024-30263 The PDF Viewer macro can be used to view PDF attachments with restricted access

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the file parameter. Users with view rights can access restricted PDF attachments if the...

CVSS 7.7 | AI score 7.8 | EPSS 0.00548
Exploits: 0 | References: 2

CVE
added 2024/04/04 4:51 p.m. | 59 views

CVE-2024-30263

The CVE-2024-30263 issue affects macro-pdfviewer, a PDF Viewer Macro for XWiki that uses Mozilla pdf.js. The vulnerability allows users with editing rights to access restricted PDF attachments by supplying the attachment URL as the value of the file parameter, and users with view rights can acces...

CVSS 7.7 | AI score 7.6 | EPSS 0.00548
Exploits: 0 | References: 2