Lucene search
K

13 matches found

NVD
NVD
added 2023/04/20 6:15 p.m.66 views

CVE-2023-29528

XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting...

9CVSS8.9AI score0.01277EPSS
Exploits1References4
Prion
Prion
added 2023/04/16 8:15 a.m.18 views

Cross site scripting

XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11...

4.9CVSS5.1AI score0.00423EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/04/16 7:4 a.m.23 views

CVE-2023-29509 org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping o...

9.9CVSS8.6AI score0.76297EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/04/16 7:4 a.m.34 views

CVE-2023-29509 org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping o...

9.9CVSS9.8AI score0.76297EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/04/16 6:52 a.m.41 views

CVE-2023-29507 org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors

XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking...

9.1CVSS9.4AI score0.00899EPSS
Exploits0References3
NVD
NVD
added 2023/04/15 5:15 p.m.38 views

CVE-2023-29209

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki...

9.9CVSS9.7AI score0.01144EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/04/15 4:6 p.m.49 views

CVE-2023-29209 org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki...

9.9CVSS9.8AI score0.01144EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/04/15 3:52 p.m.75 views

CVE-2023-29208 Data leak through deleted documents

XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impact deleted documents that where containing view rights: the view rights provided on...

7.5CVSS7.6AI score0.00921EPSS
Exploits1References3
OSV
OSV
added 2023/04/12 8:35 p.m.15 views

GHSA-4655-WH7V-3VMG org.xwiki.platform:xwiki-platform-logging-ui Eval Injection vulnerability

Impact Steps to reproduce: It is possible to trick a user with programming rights into visiting...

9CVSS9.4AI score0.00439EPSS
Exploits1References5
OSV
OSV
added 2023/04/12 8:34 p.m.33 views

GHSA-4F8G-FQ6X-JQRR org.xwiki.platform:xwiki-platform-oldcore vulnerable to data leak through deleted documents

Impact Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impact deleted documents that where containing view rights: the view rights provided on a space of a deleted document are properly checked. Patches The problem has been...

7.5CVSS7.4AI score0.00921EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2023/04/12 8:34 p.m.29 views

org.xwiki.platform:xwiki-platform-oldcore vulnerable to data leak through deleted documents

Impact Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impact deleted documents that where containing view rights: the view rights provided on a space of a deleted document are properly checked. Patches The problem has been...

7.5CVSS7.3AI score0.00921EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/03/03 10:48 p.m.27 views

GHSA-3738-P9X3-MV9R XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author

Impact It's possible to use the right of an existing document content author to execute a text area property. To reproduce: As an admin with programming rights, create a new user without script or programming right. Login with the freshly created user. Insert the following text in source mode in...

9.9CVSS9.2AI score0.00787EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2023/03/03 10:46 p.m.28 views

Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm

Impact Any user with edit right can execute arbitrary database select and access data stored in the database. To reproduce: In admin, rights, remove scripting rights for XWikiAllGroup. Create a new user without any special privileges. Create a page "Private.WebHome" with TOKEN42 as content. Go to...

6.5CVSS6.5AI score0.00637EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder