66 matches found
CVE-2026-4169
A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function Fxmlexportusers of the file admin/code/tcexmlusers.php of the component XML Export. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. There are stil...
CVE-2026-4169
A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function Fxmlexportusers of the file admin/code/tcexmlusers.php of the component XML Export. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. There are stil...
CVE-2026-4169 Tecnick TCExam XML Export tce_xml_users.php F_xml_export_users cross site scripting
A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function Fxmlexportusers of the file admin/code/tcexmlusers.php of the component XML Export. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. There are stil...
CVE-2026-4169
The CVE-2026-4169 entry describes a cross-site scripting vulnerability in Tecnick TCExam up to version 16.6.0, specifically in the XML Export component: the function F_xml_export_users inside admin/code/tce_xml_users.php. Exploitation requires manipulating input and is noted as remotely explorabl...
CVE-2026-4169 Tecnick TCExam XML Export tce_xml_users.php F_xml_export_users cross site scripting
A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function Fxmlexportusers of the file admin/code/tcexmlusers.php of the component XML Export. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. There are stil...
CVE-2026-4169
A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function Fxmlexportusers of the file admin/code/tcexmlusers.php of the component XML Export. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. There are stil...
CVE-2025-13066
The Demo Importer Plus plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.0.6. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. Th...
EUVD-2015-8261
Malware in sbrugna...
EUVD-2021-12903
Malware in sbrugna...
EUVD-2020-25286
Malware in sbrugna...
EUVD-2004-1628
Malware in sbrugna...
EUVD-2025-23670
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2025-54125
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 1.1 through 16.4.6, 16.5.0-rc-1 through 16.10.4 and 17.0.0-rc-1 through 17.1.0, the XML export of a page in XWiki that can b...
CVE-2025-54125
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 1.1 through 16.4.6, 16.5.0-rc-1 through 16.10.4 and 17.0.0-rc-1 through 17.1.0, the XML export of a page in XWiki that can b...
XWiki Platform 安全漏洞
XWiki Platform is XWiki's open source suite of Wiki platforms for creating Web collaboration applications. A security vulnerability exists in XWiki Platform that stems from an XML export that may contain password and email attributes...
CVE-2025-54125 XWiki Platform: Password and email exposure in xml.vm fields
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 1.1 through 16.4.6, 16.5.0-rc-1 through 16.10.4 and 17.0.0-rc-1 through 17.1.0, the XML export of a page in XWiki that can b...
CVE-2025-54125
CVE-2025-54125 affects XWiki Platform (Legacy Old Core / Old Core) where triggering XML export via a page URL parameter (?xpage=xml) can reveal password and email fields stored on a document that are not named password or email. The root cause is the XML view output including sensitive fields in ...
CVE-2025-54125 XWiki Platform: Password and email exposure in xml.vm fields
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 1.1 through 16.4.6, 16.5.0-rc-1 through 16.10.4 and 17.0.0-rc-1 through 17.1.0, the XML export of a page in XWiki that can b...
CVE-2025-54125 XWiki Platform: Password and email exposure in xml.vm fields
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 1.1 through 16.4.6, 16.5.0-rc-1 through 16.10.4 and 17.0.0-rc-1 through 17.1.0, the XML export of a page in XWiki that can b...
XWiki exposes passwords and emails stored in fields not named password/email in xml.vm
Impact The XML export of a page in XWiki that can be triggered by any user with view rights on a page by appending ?xpage=xml to the URL includes password and email properties stored on a document that aren't named password or email. This allows any user to obtain the salted and hashed user accou...