19 matches found
EUVD-2006-2107
Malware in sbrugna...
EUVD-2025-18284
Malicious code in bioql PyPI...
XWiki allows remote code execution through default value of wiki macro wiki-type parameters
Impact Any user with edit right on a page could be the user's profile can execute code Groovy, Python, Velocity with programming right by defining a wiki macro. This allows full access to the whole XWiki installation and thus impacts its confidentiality, integrity and availability. The main probl...
CVE-2025-49581 XWiki allows remote code execution through default value of wiki macro wiki-type parameters
XWiki is a generic wiki platform. Any user with edit right on a page could be the user's profile can execute code Groovy, Python, Velocity with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter...
CVE-2025-49581 XWiki allows remote code execution through default value of wiki macro wiki-type parameters
XWiki is a generic wiki platform. Any user with edit right on a page could be the user's profile can execute code Groovy, Python, Velocity with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter...
CVE-2025-49581 XWiki allows remote code execution through default value of wiki macro wiki-type parameters
XWiki is a generic wiki platform. Any user with edit right on a page could be the user's profile can execute code Groovy, Python, Velocity with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter...
PT-2025-25432 · Xwiki · Xwiki
Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 16.4.7 XWiki versions prior to 16.10.3 XWiki versions prior to 17.0.0 Description: The issue allows any user with edit rights on a page to execute code, including Groovy, Python, and Velocity, with programming rights b...
CVE-2024-55877
XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of XWiki.WikiMacroClass to any page. This compromises the confidentiality, integrity...
CVE-2021-21379
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the wikimacrocontent executes the content with the rights of the wiki macro author instead of the caller of that wiki macro. This makes possible to inje...
Vulnerabilities fixed in XWiki Platform
XWiki has fixed vulnerabilities in the XWiki Platform Specifically for versions 15.10.9 and 16.3.0. The vulnerabilities are in the way the XWiki Platform handles user permissions. A malicious user with programming privileges can execute code through the Extension Repository Application, or by...
Xwiki Platform Injection Vulnerability
Xwiki Platform is a wiki platform for creating web collaboration applications from the French company Xwiki. XWiki Platform is vulnerable to an injection vulnerability that originates from the author of a wiki macro executing content with the privileges of the author of the wiki macro, rather tha...
Stored XSS in wiki macro search
Creating a page/comment etc with the following wiki-markup macro will render javascript on the page for anybody visiting this page search:query=alertdocument.cookie IMPORTANT: please confirm receipt of this notification! Depending on the response, we may report the vulnerability to publicly...
Stored XSS in wiki macro search
Creating a page/comment etc with the following wiki-markup macro will render javascript on the page for anybody visiting this page search:query=alertdocument.cookie IMPORTANT: please confirm receipt of this notification! Depending on the response, we may report the vulnerability to publicly...
FreeBSD : trac -- Wiki Macro Script Insertion Vulnerability (400d9d22-d6c5-11da-a14b-00123ffe8333)
Secunia reports : A vulnerability has been reported, which can be exploited by malicious people to conduct script insertion attacks. Input passed using the wiki macro isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed...
DEBIAN-CVE-2006-2106
Cross-site scripting XSS vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro."...
Cross site scripting
Cross-site scripting XSS vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro."...
CVE-2006-2106
Cross-site scripting XSS vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro."...
CVE-2006-2106
Cross-site scripting XSS vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro."...
CVE-2006-2106
Cross-site scripting XSS vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro."...