5 matches found
CVE-2024-31996
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape , which, when used in certain places, allows XWiki syntax injection and thereby remote code execution...
CVE-2024-31996 XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape , which, when used in certain places, allows XWiki syntax injection and thereby remote code execution...
CVE-2024-31996 XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape , which, when used in certain places, allows XWiki syntax injection and thereby remote code execution...
XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution
Impact The HTML escaping of escaping tool that is used in XWiki doesn't escape , which, when used in certain places, allows XWiki syntax injection and thereby remote code execution. To reproduce in an XWiki installation, open...
CVE-2023-29206
XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check in the author of a JavaScript xobject or StyleSheet xobject added in a XWiki document, so until now it was possible for a user having only Edit Right to create such object and to craft a...