XWiki Platform 代码注入漏洞

XWiki Platform is a suite of Wiki platforms for creating collaborative Web applications from the XWiki Foundation in France. The XWiki Platform suffers from a code injection vulnerability that originates from the fact that any user with access to the Invitation.WebHome can execute arbitrary...

CVE-2023-29509

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping o...

PT-2023-22764 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.11 XWiki Platform versions prior to 14.4.7 XWiki Platform versions prior to 14.10 Description: The issue allows any user with the right to add an object on a page to execute arbitrary Groovy, Python, or...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in XWiki Watch 1.0 allow remote attackers to inject arbitrary web script or HTML via the rev parameter to 1 bin/viewrev/Main/WebHome and 2 bin/view/Blog, and the 3 registerfirstname and 4 registerlastname parameters to bin/register/XWiki/Register...