Lucene search
K
XwikiCommons

4 matches found

CVE
CVE
added 2022/04/28 7:35 p.m.120 views

CVE-2022-24898

CVE-2022-24898 affects org.xwiki.commons:xwiki-commons-xml, a common module used by XWiki projects. The issue is XML External Entity Injection via the XML script service, allowing a script to access files on the user running the XWiki server. Affected: 2.7 up to but not including patched versions...

4.9CVSS5.1AI score0.01408EPSS
CVE
CVE
added 2023/06/29 7:44 p.m.87 views

CVE-2023-36471

CVE-2023-36471 affects XWiki Commons HTML sanitizer (XWiki Commons) where allowed tags include form/input elements. The underlying issue is that the HTML sanitizer allowed form-related tags since 14.6RC1, enabling an attacker without scripting rights to craft a form that could trigger remote code...

9CVSS7.5AI score0.01021EPSS
CVE
CVE
added 2023/03/02 6:48 p.m.77 views

CVE-2023-26055

CVE-2023-26055 affects XWiki Commons. Starting with version 3.1-milestone-1, any user can edit their own profile and inject code that runs with programming privileges; the vulnerability also appears in other short text fields displayed in Apps Within Minutes. The issue has been patched in version...

9.9CVSS9.4AI score0.01163EPSS
CVE
CVE
added 2023/04/20 5:8 p.m.57 views

CVE-2023-29528

CVE-2023-29528 concerns XWiki Commons: the historic “restricted” HTML cleaning mode could be bypassed via invalid HTML comments, enabling cross-site scripting and potentially server-side code execution with programming rights when a privileged user views a crafted comment. Root cause is the HTML ...

9CVSS8.9AI score0.01277EPSS