66 matches found
GHSA-57Q2-6CP4-9MQ3 XWiki exposes passwords and emails stored in fields not named password/email in xml.vm
Impact: The XML export of a page in XWiki that can be triggered by any user with view rights on a page by appending ?xpage=xml to the URL includes password and email properties stored on a document that aren't named password or email. This allows any user to obtain the salted and hashed user accou...
PT-2025-32000 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 1.1 through 16.4.6; XWiki Platform versions 16.5.0-rc-1 through 16.10.4; XWiki Platform versions 17.0.0-rc-1 through 17.1.0. Description: XWiki Platform Legacy Old Core and XWiki Platform Old Core are affected by an issue...
GHSA-2FR7-CC7P-P45Q Data leak of password hash through change requests
Impact: Change request allows editing any page by default, and the changes are then exported in an XML that anyone can download. So it's possible for an attacker to obtain the password hashes of users by editing the user profiles and then downloading the XML that has been created. This is...
Atlassian Jira 8.0.0 < 8.5.5 XSS in XML Export View
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.13.16, 8.0.0 prior to 8.5.5 or 8.6.0 prior to 8.8.1. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via ...
Atlassian Jira 8.6.0 < 8.8.1 XSS in XML Export View
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.13.16, 8.0.0 prior to 8.5.5 or 8.6.0 prior to 8.8.1. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via ...
Atlassian Jira < 7.13.16 XSS in XML Export View
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.13.16, 8.0.0 prior to 8.5.5 or 8.6.0 prior to 8.8.1. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via ...
Atlassian Jira 8.6.x < 8.13.6 XML Export Cross-Site Scripting
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.13.12 or 8.14.x prior to 8.17.0. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripti...
Atlassian Jira 8.14.0 < 8.17.0 XML Export Cross-Site Scripting
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.13.12 or 8.14.x prior to 8.17.0. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripti...
Atlassian Jira < 8.5.14 XML Export Cross-Site Scripting
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.13.12 or 8.14.x prior to 8.17.0. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripti...
SUSE CVE-2016-6607
XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following...
CVE-2022-1800
The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability...
Design/Logic Flaw
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (default is Administrator) to export the user options of any user, even ones with higher privileges (like Global Administrators) than the current user. The exported XML...
CVE-2021-26082
The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting vulnerability...
Cross site scripting
The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting vulnerability...
CVE-2021-26082
The CVE-2021-26082 issue affects Atlassian Jira Server/Data Center’s XML Export feature, allowing stored cross-site scripting via the XML Export path. Affected ranges: Jira Server/Data Center before 8.5.14; 8.6.0 before 8.13.6; 8.14.0 before 8.17.0. Root cause: improper handling in the XML Export...
Stored XSS on Jira Issue XML Export - CVE-2021-26082
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in XML Export. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0. Affected...