3 matches found
CVE-2023-40572
XWiki Platform is vulnerable to a CSRF-based privilege escalation leading to remote code execution via the create action when a user with script rights visits a crafted image. The issue arises because the create action can be triggered without a CSRF token, enabling script execution and compromis...
Obfuscated email addresses should not be sorted
Impact The mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. See https://jira.xwiki.org/browse/XWIKI-20601 for the reproduction steps. Patches This has been patched in XWiki 14.10.9, and XWiki 15.3-rc-1. Workarounds The workaround is t...
CVE-2023-38509 XWiki Platform's obfuscated email addresses should not be sorted
XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. This...