
13 matches found

Positive Technologies
added 2026/03/26 12:0 a.m. | 3 views

PT-2026-28493

Name of the Vulnerable Software and Affected Versions: TSPortal versions prior to 34. Description: TSPortal, the WikiTide Foundation’s in-house platform used by the Trust and Safety team, was found to have a flaw that allowed attackers to create arbitrary user records in the database. This was...

CVSS 6.5 | AI score 6 | EPSS 0.00066
Exploits: 1 | References: 6

CNNVD
added 2025/08/06 12:0 a.m. | 2 views

XWiki Platform Security Vulnerability

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that stems from a database list attribute that could disclose password hashes...

CVSS 7.1 | AI score 6.5 | EPSS 0.00108
Exploits: 1 | References: 5

CVE
added 2024/12/12 6:59 p.m. | 61 views

CVE-2024-55876

CVE-2024-55876 affects XWiki Platform. Versions 1.2-milestone-2 through 16.3.0 are vulnerable: any account on the master wiki could execute scheduling operations on subwikis by interacting with Scheduler.WebHome and triggering a job, indicating an insufficient authorization boundary between main ...

CVSS 5.4 | AI score 5.5 | EPSS 0.00392
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2023/08/23 9:15 p.m. | 17 views

Privilege escalation

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...

CVSS 6.5 | AI score 8.7 | EPSS 0.02144
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2023/04/19 12:15 a.m. | 9 views

CVE-2023-29520

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The vulnerability has been...

CVSS 6.5 | AI score 5 | EPSS 0.00265
Exploits: 1 | References: 2

NVD
added 2023/04/19 12:15 a.m. | 12 views

CVE-2023-29518

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of...

CVSS 9.9 | AI score 9.7 | EPSS 0.29358
Exploits: 1 | References: 3

NVD
added 2023/03/02 7:15 p.m. | 13 views

CVE-2023-26474

XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds...

CVSS 9.9 | AI score 9.6 | EPSS 0.02071
Exploits: 1 | References: 2

Cvelist
added 2023/03/02 5:9 p.m. | 16 views

CVE-2023-26480 XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data

XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds...

CVSS 8.9 | AI score 8.5 | EPSS 0.08554
Exploits: 1 | References: 4

CVE
added 2023/03/02 5:9 p.m. | 70 views

CVE-2023-26480

XWiki Platform is vulnerable to a stored cross-site scripting (XSS) via the Live Data macro. A user without script rights can inject XSS starting in version 12.10; this was fixed in versions 14.9, 14.4.7, and 13.10.10. Connected advisories (GHSA-32FQ-M2Q5-H83G and OSV) confirm the stored XSS via ...

CVSS 8.9 | AI score 6.6 | EPSS 0.08554
Exploits: 1 | References: 4 | Affected Software: 1

CNVD
added 2022/11/25 12:0 a.m. | 18 views

Unspecified Vulnerability in XWiki Platform

XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. A security error vulnerability exists in XWiki Platform. An attacker exploited the vulnerability to cause a degradation in database performance...

CVSS 7.5 | AI score 6 | EPSS 0.00194
Exploits: 0 | References: 1

Prion
added 2022/11/23 8:15 p.m. | 10 views

Design/Logic Flaw

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki...

CVSS 6.5 | AI score 8.8 | EPSS 0.23616
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2022/11/23 12:0 a.m. | 67 views

CVE-2022-41934

CVE-2022-41934 affects XWiki Platform, where any user with view rights on common documents (including the menu macro) can inject and execute arbitrary Groovy, Python, or Velocity code due to improper escaping of macro content and menu macro parameters, potentially gaining full control of the XWik...

CVSS 9.9 | AI score 9.2 | EPSS 0.23616
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2022/09/08 9:15 p.m. | 22 views

CVE-2022-36099

XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the...

CVSS 9.9 | EPSS 0.21705
Exploits: 1 | References: 3