100 matches found
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal via the resource parameter in the ssx and jsx endpoints when a leading slash is used. An attacker can access sensitive configuration files by crafting a URL that traverses directories. Note: This issue is due to...
CVE-2023-29506
XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10...
CVE-2023-29210
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the notification preferences macros can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki...
CVE-2023-29205
XWiki Commons are technical libraries common to several other top level XWiki projects. The HTML macro does not systematically perform a proper neutralization of script-related html tags. As a result, any user able to use the html macro in XWiki, is able to introduce an XSS attack. This can be...
CVE-2023-29528
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting...
CVE-2023-29211
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights WikiManager.DeleteWiki can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the wiki...
CVE-2023-29208
XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impact deleted documents that where containing view rights: the view rights provided on...
EUVD-2023-0944
Malicious code in bioql PyPI...
EUVD-2023-1399
Malicious code in bioql PyPI...
EUVD-2023-1400
Malicious code in bioql PyPI...
EUVD-2023-1264
Malicious code in bioql PyPI...
EUVD-2023-1188
Malicious code in bioql PyPI...
EUVD-2023-1262
Malicious code in bioql PyPI...
EUVD-2022-1778
Malicious code in bioql PyPI...
EUVD-2023-1420
Malicious code in bioql PyPI...
EUVD-2023-1406
Malicious code in bioql PyPI...
EUVD-2023-1368
Malicious code in bioql PyPI...
CVE-2023-29204
XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as //mydomain.com i.e. omitting the http:. It was also possible to bypass it when using URL...
CVE-2023-29509
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping o...
CVE-2023-29203
XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with uorgsuggest.vm. This issue only concerns hidden users from main...