2 matches found
CVE-2023-29524 Code injection from account through XWiki.SchedulerJobSheet in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute anything with the right of the Scheduler Application sheet page. A user without script or programming rights, edit your user profile with the object editor and add a n...
CVE-2023-29525 Privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of xwiki are subject to code injection in the since parameter of the /xwiki/bin/view/XWiki/Notifications/Code/LegacyNotificationAdministration endpoint. This provides an XWik...