26 matches found
CVE-2025-66472 XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-milestone-1 through 16.10.9 and 17.0.0-rc-1 through 17.4.1 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates are vulnerable to a reflected XSS attack...
EUVD-2022-6706
Malicious code in bioql PyPI...
CVE-2025-8118
PAD CMS implements weak client-side brute-force protection by utilizing two cookies: logincount and logintimeout. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting those cookies. This issue...
CVE-2025-8121 Blind SQL Injection in PAD CMS
Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and the producer will not publish patches for this vulnerability...
The vulnerabilities of the components org.xwiki.platform:xwiki-platform-web and org.xwiki.platform:xwiki-platform-web-templates of the XWiki platform for creating collaborative web applications. XWiki allows attackers to execute arbitrary code.
The vulnerabilities of the components org.xwiki.platform:xwiki-platform-web and org.xwiki.platform:xwiki-platform-web-templates of the XWiki Platform allow attackers to execute arbitrary code. The XWiki Platform is vulnerable due to a lack of mechanisms for escaping output data. Exploiting these...
GHSA-QCJ9-GCPG-4W2W XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled
Impact: When document names are validated according to a name strategy disabled by default, XWiki is vulnerable to a reflected XSS attack in the page creation form. To reproduce, make sure that "Validate names before saving" is enabled in the administration under "Editing" - "Name strategies" and...
GHSA-FP36-MJW5-FMGX xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro
Impact: If a guest has view rights on any document, it's possible to create a new user using the distribution/firstadminuser.wiki in the wrong context. To reproduce: On a wiki with view rights for guests but user registration disabled, open as guest...
LISTSERV 17 - Reflected Cross Site Scripting Vulnerability
Exploit Title: LISTSERV 17 - Reflected Cross Site Scripting XSS Google Dork: inurl:/scripts/wa.exe Exploit Author: Shaunt Der-Grigorian Vendor Homepage: https://www.lsoft.com/ Software Link: https://www.lsoft.com/download/listserv.asp Version: 17 Tested on: Windows Server 2019 CVE : CVE-2022-3919...
LISTSERV 17 - Reflected Cross Site Scripting (XSS)
Exploit Title: LISTSERV 17 - Reflected Cross Site Scripting XSS Google Dork: inurl:/scripts/wa.exe Date: 12/01/2022 Exploit Author: Shaunt Der-Grigorian Vendor Homepage: https://www.lsoft.com/ Software Link: https://www.lsoft.com/download/listserv.asp Version: 17 Tested on: Windows Server 2019 CV...
LISTSERV 17 Cross Site Scripting
Exploit Title: LISTSERV 17 - Reflected Cross Site Scripting XSS Exploit Author: Shaunt D Vendor Homepage: https://www.lsoft.com/ Version: 17 Tested on: Windows Server 2019 CVE : CVE-2022-39195 A reflected cross-site scripting XSS vulnerability in the LISTSERV 17 web interface allows remote...
CVE-2022-3073
The CVE-2022-3073 entry concerns Quanos SCHEMA ST4 example web templates (Bootstrap 2019 v2 through 2022 SP1 v1). Affected component is the *-schema.js script, whose JavaScript injection vulnerability can allow a remote attacker to hijack existing sessions or run scripts in a user’s browser. Docu...
XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor
Impact: Through the suggestion feature, string and list properties of objects the user shouldn't have access to can be accessed. This includes private personal information like email addresses and salted password hashes of registered users but also other information stored in properties of objects...
GHSA-H5J3-5X63-P8JV XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
Impact: By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2 and 13.10.4, this can also be exploited on a private wiki, thus potentially givin...
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
Impact: By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2 and 13.10.4, this can also be exploited on a private wiki, thus potentially givin...
CVE-2022-36093
XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...
CVE-2022-36093
CVE-2022-36093 affects XWiki Platform Web Templates. An attacker can create user accounts by sending a distribution-wizard template to the xpart template, even when user registration is disabled, bypassing email verification. The issue can also allow write access on some wiki configurations, and ...
CVE-2022-36093 XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...
Design/Logic Flaw
XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Through the suggestion feature, string and list properties of objects the user shouldn't have access to can be accessed in versions prior to 13.10.4 and 14.2. This includes private personal information like...
CVE-2022-36091
Summary: CVE-2022-36091 affects XWiki Platform Web Templates, where the suggestion feature could disclose string/list properties from objects to unauthorized users in versions before 13.10.4 and 14.2. This includes private data (emails, salted password hashes) and other property values, as well a...
CVE-2022-36091 XWiki Platform Web Templates vulnerable to Missing Authorization and Exposure of Private Personal Information to an Unauthorized Actor
XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Through the suggestion feature, string and list properties of objects the user shouldn't have access to can be accessed in versions prior to 13.10.4 and 14.2. This includes private personal information like...