100 matches found
XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis
Impact XWiki's REST API doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of pages in the wiki and the memory configuration, this can lead to slowness and unavailability of the wiki. As an example, the...
Cross-site Scripting (XSS)
com.liferay, com.liferay.mentions.web are vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user-supplied input in name-related text fields, which allows an attacker to inject malicious scripts that execute in various widgets or apps such as comments,...
EUVD-2022-5220
Malicious code in bioql PyPI...
EUVD-2025-6733
Malicious code in bioql PyPI...
EUVD-2022-24731
Malicious code in bioql PyPI...
EUVD-2022-5838
Malicious code in bioql PyPI...
EUVD-2024-26878
Malicious code in bioql PyPI...
CVE-2022-1417
Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...
CVE-2025-32783 XWiki allows unregistered users to see "public" messages from a closed wiki via notifications from a different wiki
XWiki Platform is a generic wiki platform. A vulnerability in versions from 5.0 to 16.7.1 affects users with Message Stream enabled and a wiki configured as closed from selecting "Prevent unregistered users to view pages" in the Administrations Rights. The vulnerability is that any message sent i...
CVE-2024-34701 CreateWiki vulnerable to impersonation of wiki requester
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...
CVE-2024-31983
XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations script right for user-scope translations, wiki admin for translations on the wiki. Starting i...
CVE-2024-31983 XWiki Platform: Remote code execution from edit in multilingual wikis via translations
XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations script right for user-scope translations, wiki admin for translations on the wiki. Starting i...
CVE-2024-31983 XWiki Platform: Remote code execution from edit in multilingual wikis via translations
XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations script right for user-scope translations, wiki admin for translations on the wiki. Starting i...
GHSA-XXP2-9C9G-7WMJ XWiki Platform: Remote code execution from edit in multilingual wikis via translations
Impact In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations script right for user-scope translations, wiki admin for translations on the wiki. This can be exploited for remote code executio...
XWiki Platform: Remote code execution from edit in multilingual wikis via translations
Impact In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations script right for user-scope translations, wiki admin for translations on the wiki. This can be exploited for remote code executio...
XWiki Platform 安全漏洞
XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating Web collaboration applications. A security vulnerability exists in XWiki Platform, which stems from a database search in XWiki that allows remote code execution via search text. This allows any visitor to a public wiki ...
CVE-2024-29897
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with delete or suppressrevision on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. T...
CVE-2024-29898 Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the read permission...
CVE-2024-29898 Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the read permission...
CVE-2024-29898
The CVE-2024-29898 entry concerns Miraheze’s CreateWiki (MediaWiki extension). Affected behavior: during patching for CVE-2024-29897, an oversight could cause suppressed wiki requests listed on Special:RequestWikiQueue to be accessible to users on private wikis who had the (read) permission not r...