Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2023/06/20 4:45 p.m.29 views

XWiki Platform may retrieve email addresses of all users

Impact The mail obfuscation configuration was not fully taken into account and while the mail displayed to the end user was obfuscated: - the rest response was also containing the mail unobfuscated - user were able to filter and sort on the unobfuscated allowing to infer the mail content The...

7.5CVSS6.8AI score0.00961EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/20 4:45 p.m.31 views

XWiki Platform's tags on non-viewable pages can be revealed to users

Impact Tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. Patches This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0 RC1. Workarounds There is no workaround...

4.3CVSS6.5AI score0.00554EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2023/04/19 12:15 a.m.34 views

CVE-2023-29512

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page e.g., it's own user page, can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is...

9.9CVSS9.6AI score0.01144EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/04/18 11:1 p.m.30 views

CVE-2023-29525 Privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration in xwiki-platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of xwiki are subject to code injection in the since parameter of the /xwiki/bin/view/XWiki/Notifications/Code/LegacyNotificationAdministration endpoint. This provides an XWik...

9.9CVSS10AI score0.77752EPSS
Exploits1References4
Rows per page
Query Builder