macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the file parameter. Users with view rights can access restricted PDF attachments if they....
7.7CVSS
6.8AI Score
0.0004EPSS
The XWiki licensor application, which manages and enforce application licenses for paid extensions, includes the document Licenses.Code.LicenseJSON that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information...
5.3CVSS
5.1AI Score
0.0004EPSS
application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachments files in view or edit mode. Currently, if a user opens an attachment file in edit.....
7.3CVSS
4.5AI Score
0.0004EPSS
com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross site scripting (XSS) and XWiki syntax...
10CVSS
9.2AI Score
0.006EPSS