Xwiki Platform Lesscss Script Security Vulnerabilities and Issues — Xwiki Platform Lesscss Script CVE List

Lucene search

XwikiXwiki Platform Lesscss Script

8 matches found

CVE•added 2021/05/28 9:15 p.m.•117 views

CVE-2021-32621

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 12.6.7 and 12.10.3, a user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard. The issue has been p...

8.8CVSS8.8AI score0.00691EPSS

CVE•added 2021/03/23 11:15 p.m.•84 views

CVE-2021-21380

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service expose an API to perform SQL requests without escaping the from and where search...

8.8CVSS8.4AI score0.02903EPSS

CVE•added 2021/07/01 7:15 p.m.•74 views

CVE-2021-32731

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Between (and including) versions 13.1RC1 and 13.1, the reset password form reveals the email address of users just by giving their username. The problem has been patched on XWiki 13.2RC1. As a w...

5.3CVSS5.2AI score0.00171EPSS

CVE•added 2021/05/28 9:15 p.m.•73 views

CVE-2021-32620

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 11.10.13, 12.6.7, and 12.10.2, a user disabled on a wiki using email verification for registration canouldre-activate themself by using the activation link provided for his ...

8.8CVSS8.7AI score0.0029EPSS

CVE•added 2021/03/12 6:15 p.m.•70 views

CVE-2021-21379

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the {{wikimacrocontent}} executes the content with the rights of the wiki macro author instead of the caller of that wiki macro. This makes possible to in...

7.7CVSS5.7AI score0.00442EPSS

CVE•added 2021/07/01 6:15 p.m.•69 views

CVE-2021-32730

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forgery vulnerability exists in versions prior to 12.10.5, and in versions 13.0 through 13.1. It's possible for forge an URL that, when accessed by an admin, will reset the ...

5.7CVSS5.5AI score0.0017EPSS

CVE•added 2021/07/01 5:15 p.m.•64 views

CVE-2021-32729

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions prior to 12.6.88, 12.10.4, and 13.0. The script service method used to reset the authentication failures record can be executed by any user with Script rights ...

5.5CVSS4.5AI score0.00046EPSS

CVE•added 2021/04/20 7:15 p.m.•38 views

CVE-2021-29459

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions prior to 12.6.3 and 12.8. Unregistred users can fill simple text fields. Registered users can fill in their personal information a...

9.6CVSS6.3AI score0.00423EPSS