Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Commons Security Vulnerabilities

cve
cve

CVE-2022-24897

APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem. Wr...

7.5CVSS

7.4AI Score

0.003EPSS

2022-05-02 10:15 PM
597
cve
cve

CVE-2022-24898

org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessing to the user running XWiki application server with XML External Entit...

4.9CVSS

5.1AI Score

0.001EPSS

2022-04-28 08:15 PM
85
cve
cve

CVE-2023-26055

XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be executed with programming right. The same vulnerability can also be exploited in all other places wh...

9.9CVSS

9.3AI Score

0.001EPSS

2023-03-02 07:15 PM
34
cve
cve

CVE-2023-29201

XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped <script> and <style>-tags but neither attributes that can be used to inject scripts nor other d...

9CVSS

9.1AI Score

0.004EPSS

2023-04-15 03:15 PM
286
3
cve
cve

CVE-2023-29528

XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting v...

9CVSS

8.8AI Score

0.007EPSS

2023-04-20 06:15 PM
25
cve
cve

CVE-2023-31126

org.xwiki.commons:xwiki-commons-xml is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect restricte...

9.6CVSS

8.9AI Score

0.002EPSS

2023-05-09 01:15 PM
30
cve
cve

CVE-2023-36471

Xwiki commons is the common modules used by other XWiki top level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishing...

9CVSS

5.8AI Score

0.002EPSS

2023-06-29 08:15 PM
40
cve
cve

CVE-2024-31996

XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape {, which, when used in certain places, allows XWiki syntax injection and thereby remote code execution....

10CVSS

7.4AI Score

0.0004EPSS

2024-04-10 09:15 PM
53