
7 matches found

CNVD
added 2022/11/24 12:00 a.m. | 17 views

XWiki Platform Authorization Issues Vulnerability

XWiki Platform is a wiki platform from the French company XWiki for creating web collaboration applications. An authorization issue vulnerability exists in XWiki Platform versions prior to 13.10.8, 14.0 and later, and 14.4.3 and earlier, which stems from incorrect privilege management and can b...

CVSS: 9.6 | AI score: 8.5 | EPSS: 0.09729
Exploits: 0 | References: 1

Prion
added 2022/11/22 1:15 a.m. | 8 views

Code injection

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a...

CVSS: 5.5 | AI score: 7.8 | EPSS: 0.09729
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2022/11/22 12:00 a.m. | 15 views

CVE-2022-41937 Missing Authorization in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a...

CVSS: 9.6 | AI score: 9.4 | EPSS: 0.09729
Exploits: 0 | References: 3

CVE
added 2022/11/22 12:00 a.m. | 66 views

CVE-2022-41937

XWiki Platform suffered a Missing Authorization vulnerability where any user with view access could modify pages by importing a crafted XAR package. The issue stems from improper privilege management and was fixed in XWiki 14.6RC1, 14.6, and 13.10.8. A workaround is to restrict the Filter.WebHome...

CVSS: 9.6 | AI score: 8.2 | EPSS: 0.09729
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2022/11/22 12:00 a.m. | 14 views

CVE-2022-41937 Missing Authorization in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a...

CVSS: 9.6 | AI score: 7.6 | EPSS: 0.09729
Exploits: 0 | References: 5

OpenVAS
added 2020/02/07 12:00 a.m. | 25 views

Fedora: Security Advisory for xar (FEDORA-2020-edf53cd770)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.02396
Exploits: 0 | References: 2

Tenable Nessus
added 2010/07/01 12:00 a.m. | 25 views

Fedora 13 : xar-1.5.2-6.fc13 (2010-7613)

This update fixes CVE-2010-0055, an issue where xar did not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisor...

CVSS: 10 | AI score: 7 | EPSS: 0.00399
Exploits: 0 | References: 3