Xwiki: Xwiki Platform Lesscss Script

30 matches found

added 2024/01/08 4:15 p.m. | 216 views

CVE-2024-21650

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "...

CVSS 10 | AI score 9.8 | EPSS 0.93396

added 2024/04/10 8:15 p.m. | 106 views

CVE-2024-31982

XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed ...

CVSS 10 | AI score 9.7 | EPSS 0.94158

added 2024/04/10 9:15 p.m. | 74 views

CVE-2024-31986

XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted document reference and an XWiki.SchedulerJobClass XObject, it is possible to execute arbitrary code on the server whenever an adm...

CVSS 9 | AI score 9.3 | EPSS 0.08259

added 2024/04/10 9:15 p.m. | 74 views

CVE-2024-31988

XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by ...

CVSS 9.6 | AI score 9.2 | EPSS 0.08285

added 2024/09/10 4:15 p.m. | 74 views

CVE-2024-45591

XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification (both username a...

CVSS 5.3 | AI score 5 | EPSS 0.48835

added 2024/04/10 7:15 p.m. | 71 views

CVE-2024-31464

XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it's ...

CVSS 6.8 | AI score 6.5 | EPSS 0.00173

added 2024/04/10 8:15 p.m. | 71 views

CVE-2024-31984

XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can edi...

CVSS 9.9 | AI score 9.7 | EPSS 0.70338

added 2024/04/10 9:15 p.m. | 71 views

CVE-2024-31985

XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such a URL in an...

CVSS 5.4 | AI score 6.6 | EPSS 0.00336

added 2024/04/10 8:15 p.m. | 67 views

CVE-2024-31983

XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). Starting i...

CVSS 9.9 | AI score 7.5 | EPSS 0.30123

added 2024/04/10 9:15 p.m. | 67 views

CVE-2024-31987

XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote cod...

CVSS 9.9 | AI score 9.7 | EPSS 0.27744

added 2024/04/10 8:15 p.m. | 65 views

CVE-2024-31465

XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type XWiki.SearchSuggestSourceClass to their user profile or any other page. ...

CVSS 9.9 | AI score 6.9 | EPSS 0.3531

added 2024/04/10 8:15 p.m. | 65 views

CVE-2024-31981

XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1. If PDF templates are not typically us...

CVSS 9.9 | AI score 9.7 | EPSS 0.27744

added 2024/04/10 10:15 p.m. | 64 views

CVE-2024-31997

XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions. This...

CVSS 9.9 | AI score 9.7 | EPSS 0.60246

added 2024/12/12 8:15 p.m. | 61 views

CVE-2024-55879

XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of XWiki.ConfigurableClass to any page. This compromises the confidentiality, integrity and availabil...

CVSS 9.1 | AI score 9.5 | EPSS 0.41539

added 2024/06/20 11:15 p.m. | 59 views

CVE-2024-37899

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable t...

CVSS 9 | AI score 9.1 | EPSS 0.4857

added 2024/01/09 12:15 a.m. | 56 views

CVE-2024-21651

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU con...

CVSS 7.5 | AI score 6.3 | EPSS 0.00673

added 2024/01/09 12:15 a.m. | 55 views

CVE-2024-21648

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection; a user can roll back to a previous version of the page to gain rights they don't have anymore. The problem has been patched in XWiki 14.10.17, 1...

CVSS 8.8 | AI score 8.8 | EPSS 0.0034

added 2024/12/12 7:15 p.m. | 55 views

CVE-2024-55876

XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document Sched...

CVSS 5.4 | AI score 5.5 | EPSS 0.00163

added 2024/12/12 8:15 p.m. | 55 views

CVE-2024-55877

XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of XWiki.WikiMacroClass to any page. This compromises the confidentiality, integrity a...

CVSS 9.9 | AI score 9.8 | EPSS 0.6328

added 2024/07/31 4:15 p.m. | 54 views

CVE-2024-37901

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of XWiki.SearchSuggestConfig and XWiki.SearchSuggestSourceClass to their user profile or any ...

CVSS 9.9 | AI score 8.2 | EPSS 0.05403

added 2024/12/12 6:15 p.m. | 53 views

CVE-2024-55662

XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where Extension Repository Application is installed, any user can execute any code requiring programming rights on the server. This vulnerability has been fixed in X...

CVSS 9.9 | AI score 9.5 | EPSS 0.35893

added 2024/07/31 4:15 p.m. | 52 views

CVE-2024-37900

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When uploading an attachment with a malicious filename, malicious JavaScript code could be executed. This requires a social engineering attack to get the victim into uploading a file with a mali...

CVSS 6.4 | AI score 7.1 | EPSS 0.00497

added 2024/07/31 4:15 p.m. | 51 views

CVE-2024-41947

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confiden...

CVSS 9 | AI score 7.1 | EPSS 0.0184

added 2024/12/12 7:15 p.m. | 51 views

CVE-2024-55663

XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in getdocument.vm, the ordering of the returned documents is defined from an unsanitized request parameter (request.sort) and can allow any user to inject HQL. Depending on th...

CVSS 9.8 | AI score 6.3 | EPSS 0.01189

added 2024/08/19 5:15 p.m. | 49 views

CVE-2024-43400

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineering to trick a user to follow the URL. This ...

CVSS 9 | AI score 9.1 | EPSS 0.03091

added 2024/08/19 5:15 p.m. | 49 views

CVE-2024-43401

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with elevated rights to edit a content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned befor...

CVSS 9 | AI score 9.1 | EPSS 0.01017

added 2024/07/31 4:15 p.m. | 46 views

CVE-2024-37898

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and replace it by a page with new content without having delete right. The previous version of the page ...

CVSS 4.3 | AI score 7 | EPSS 0.00017

added 2024/06/24 5:15 p.m. | 46 views

CVE-2024-38369

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using {{include reference="targetdocument"/}} is executed with the right of the includer and not with the right of its author. This means that any user able to...

CVSS 9.9 | AI score 6.7 | EPSS 0.01715

added 2024/09/18 6:15 p.m. | 45 views

CVE-2024-46979

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as xwiki/bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableResults?outputSyntax=plain&type...

CVSS 5.3 | AI score 5.1 | EPSS 0.00026

added 2024/09/18 6:15 p.m. | 39 views

CVE-2024-46978

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start losing noti...

CVSS 6.5 | AI score 6.3 | EPSS 0.00184