
13 matches found

RedhatCVE
added 2025/12/11 10:1 p.m. · 4 views

CVE-2025-66474

XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc.) into another syntax (XHTML, etc.). Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against /html injection, which...

CVSS 8.8 · AI score 8.4 · EPSS 0.0086
Exploits: 1 · References: 1
CNNVD
added 2023/08/17 12:0 a.m. · 3 views

XWiki Platform code injection vulnerability

XWiki Platform is a suite of Wiki platforms for creating collaborative Web applications from the XWiki Foundation in France. The XWiki Platform suffers from a code injection vulnerability that originates from the fact that any user with access to the Invitation.WebHome can execute arbitrary...

CVSS 9.9 · AI score 8.5 · EPSS 0.01535
Exploits: 1 · References: 4
NVD
added 2023/06/20 8:15 p.m. · 36 views

CVE-2023-35166

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...

CVSS 9.9 · AI score 9.6 · EPSS 0.6312
Exploits: 1 · References: 3
Positive Technologies
added 2023/06/20 12:0 a.m. · 5 views

PT-2023-25177 · Unknown · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.5; XWiki Platform versions prior to 15.1-rc-1. Description: The issue allows execution of any wiki content with the rights of the TipsPanel author by creating a tip UI extension. This can be achieved by...

CVSS 9.9 · AI score 8.6 · EPSS 0.6312
Exploits: 1 · References: 9
Zero Day Initiative
added 2019/09/10 12:0 a.m. · 34 views

Microsoft Azure DevOps Server Markdown Indexing Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure DevOps Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of markdown files during indexing of wiki content. A crafted...

CVSS 8.3 · AI score 5.1 · EPSS 0.15913
Exploits: 1 · References: 1
CNVD
added 2017/10/27 12:0 a.m. · 3 views

Redmine cross-site scripting vulnerability (CNVD-2017-31955)

Redmine is a set of open source Web-based project management and defect tracking tools. The tool provides project management, issue tracking and role-based access control and other features. A cross-site scripting vulnerability exists in Redmine versions prior to 3.2.6 and 3.3.x prior to 3.3.3...

CVSS 6.1 · AI score 6 · EPSS 0.01125
Exploits: 0 · References: 1
Prion
added 2017/10/18 2:29 a.m. · 16 views

Design/Logic Flaw

In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content...

CVSS 4.3 · AI score 6.2 · EPSS 0.01125
Exploits: 0 · References: 3 · Affected Software: 2
UbuntuCve
added 2017/10/18 2:29 a.m. · 20 views

CVE-2017-15573

In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content...

CVSS 6.1 · AI score 6.7 · EPSS 0.01125
Exploits: 0 · References: 4
OSV
added 2017/10/18 2:29 a.m. · 2 views

UBUNTU-CVE-2017-15573

In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content...

CVSS 6.1 · AI score 6.7 · EPSS 0.01125
Exploits: 0 · References: 4
Cvelist
added 2017/10/18 2:0 a.m. · 20 views

CVE-2017-15573

In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content...

AI score 7 · EPSS 0.01125
Exploits: 0 · References: 3
NVD
added 2010/06/17 4:30 p.m. · 18 views

CVE-2010-1382

Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field...

CVSS 3.5 · AI score 5 · EPSS 0.0147
Exploits: 0 · References: 6
Cvelist
added 2010/06/17 4:0 p.m. · 21 views

CVE-2010-1382

Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field...

AI score 6.2 · EPSS 0.0147
Exploits: 0 · References: 6
Ubuntu
added 2010/03/11 11:35 p.m. · 52 views

USN-911-1: MoinMoin vulnerabilities

It was discovered that several wiki actions and preference settings in MoinMoin were not protected from cross-site request forgery (CSRF). If an authenticated user were tricked into visiting a malicious website while logged into MoinMoin, a remote attacker could change the user's configuration or...

CVSS 7.5 · AI score 5.2 · EPSS 0.02163
Exploits: 0