Lucene search
K

5 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-0368

Malicious code in bioql PyPI...

9CVSS8.7AI score0.18734EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/04/10 5:7 p.m.26 views

XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted

Impact It is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it's possible for an attacker to have access to the hash password of a user if they have rights to edit the users' page. No...

6.8CVSS6.7AI score0.00376EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2023/04/18 10:53 p.m.48 views

CVE-2023-29527

CVE-2023-29527 affects XWiki Platform. A user lacking script/Programming rights could insert groovy script content into a profile or document via the wiki editor; saving the document would cause the server to execute that groovy code, enabling code execution. The issue is tied to XWiki’s handling...

9.9CVSS9.3AI score0.0109EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/04 2:24 p.m.7 views

CVE-2023-22457 org.xwiki.contrib:application-ckeditor-ui vulnerable to Remote Code Execution via Cross-Site Request Forgery

CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3,t he CKEditor.HTMLConverter document lacked a protection against Cross-Site Request Forgery CSRF, allowing to execute macros with the rights of the current user. If a privileged user with...

9CVSS9.6AI score0.18734EPSS
Exploits1References3
OSV
OSV
added 2022/04/28 9:16 p.m.6 views

GHSA-CVX5-M8VG-VXGC Arbitrary filesystem write access from velocity.

Impact The velocity scripts is not properly sandboxed against using the Java File API to perform read or write operations on the filesystem. Now writing an attacking script in velocity requires the Script rights in XWiki so not all users can use it, and it also requires finding an XWiki API which...

7.5CVSS5.8AI score0.01476EPSS
Exploits1References6
Rows per page
Query Builder