Lucene search

9 matches found

Prion
added 2023/10/25 6:17 p.m., 29 views

Remote code execution

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of org.xwiki.platform:xwiki-core-rendering-macro-footnotes and org.xwiki.platform:xwiki-rendering-macro-footnotes and prior to version 15.1-rc-1 of...

CVSS 6.5 | AI score 8.9 | EPSS 0.01247
Exploits: 1 | References: 3 | Affected Software: 1
Prion
added 2023/06/30 7:15 p.m., 24 views

Cross site scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the CKEditor' space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of...

CVSS 4.9 | AI score 5.4 | EPSS 0.00903
Exploits: 1 | References: 4 | Affected Software: 2
Cvelist
added 2023/06/30 6:57 p.m., 63 views

CVE-2023-36477 Persistent Cross-site Scripting (XSS) through CKEditor Configuration pages in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the CKEditor' space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of...

CVSS 9 | AI score 9.2 | EPSS 0.00903
Exploits: 1 | References: 4
Vulnrichment
added 2023/06/29 8:31 p.m., 13 views

CVE-2023-36470 Code injection in icon themes of XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By either creating a new or editing an existing document with an icon set, an attacker can inject XWiki syntax and Velocity code that is executed with programming rights and thus allows remote...

CVSS 9.9 | AI score 7.5 | EPSS 0.01916
Exploits: 1 | References: 5
Prion
added 2023/06/23 7:15 p.m., 18 views

Code injection

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as:...

CVSS 5.8 | AI score 6.2 | EPSS 0.02182
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2023/06/23 6:52 p.m., 13 views

CVE-2023-35162 XPlatform Wiki vulnerable to cross-site scripting via xcontinue parameter in preview actions template

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the previewactions template to perform a XSS, e.g. by using URL such as:...

CVSS 9.6 | AI score 6.7 | EPSS 0.02377
Exploits: 0 | References: 4
Vulnrichment
added 2023/06/23 6:34 p.m., 14 views

CVE-2023-35159 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as:...

CVSS 9.6 | AI score 6.7 | EPSS 0.02182
Exploits: 0 | References: 4
Github Security Blog
added 2023/06/22 7:59 p.m., 37 views

XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template

Impact: Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as: xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alertdocument.domain This vulnerability exists sin...

CVSS 9.6 | AI score 6.8 | EPSS 0.02182
Exploits: 0 | References: 6 | Affected Software: 1
Github Security Blog
added 2023/06/20 7:55 p.m., 26 views

XWiki Platform vulnerable to privilege escalation (PR) from account through TipsPanel

Impact: It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. To reproduce: Add an object of type UIExtensionClass Set "Extension Point ID" to org.xwiki.platform.help.tipsPanel Set "Extension ID" to org.xwiki.platform.user.test needs to be...

CVSS 9.9 | AI score 10 | EPSS 0.6312
Exploits: 1 | References: 5 | Affected Software: 1