VYPR

Xwiki Platform

by Cryptpad

CVEs (230)

  • CVE-2023-29519 - Apr 18, 2023
    risk 0.00 cvss epss 0.02

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a…

  • CVE-2023-29518 - Apr 18, 2023
    risk 0.00 cvss epss 0.01

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping…

  • CVE-2023-29523 - Apr 18, 2023
    risk 0.00 cvss epss 0.02

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted…

  • CVE-2023-29525 - Apr 18, 2023
    risk 0.00 cvss epss 0.78

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of xwiki are subject to code injection in the `since` parameter of the `/xwiki/bin/view/XWiki/Notifications/Code/LegacyNotificationAdministration` endpoint.…

  • CVE-2023-29213 - Apr 17, 2023
    risk 0.00 cvss epss 0.00

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of `org.xwiki.platform:xwiki-platform-logging-ui` it is possible to trick a user with programming rights into visiting a constructed url where e.g., by…

  • CVE-2023-29511 - Apr 16, 2023
    risk 0.00 cvss epss 0.01

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., its own user page), can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki…

  • CVE-2023-30537 - Apr 16, 2023
    risk 0.00 cvss epss 0.01

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with the right to add an object on a page can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root…

  • CVE-2023-29509 - Apr 16, 2023
    risk 0.00 cvss epss 0.76

    XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is…

  • CVE-2023-29508 - Apr 16, 2023
    risk 0.00 cvss epss 0.00

    XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10,…

  • CVE-2023-29507 - Apr 16, 2023
    risk 0.00 cvss epss 0.01

    XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is…

  • CVE-2023-29506 - Apr 16, 2023
    risk 0.00 cvss epss 0.02

    XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10.

  • CVE-2023-29214 - Apr 16, 2023
    risk 0.00 cvss epss 0.01

    XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the included…

  • CVE-2023-29212 - Apr 16, 2023
    risk 0.00 cvss epss 0.01

    XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the included…

  • CVE-2023-29211 - Apr 16, 2023
    risk 0.00 cvss epss 0.01

    XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on `WikiManager.DeleteWiki` can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper…

  • CVE-2023-29210 - Apr 15, 2023
    risk 0.00 cvss epss 0.01

    XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the notification preferences macros can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access…

  • CVE-2023-29209 - Apr 15, 2023
    risk 0.00 cvss epss 0.01

    XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full…

  • CVE-2023-29208 - Apr 15, 2023
    risk 0.00 cvss epss 0.01

    XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impacts deleted documents that were containing view rights: the view…

  • CVE-2023-29207 - Apr 15, 2023
    risk 0.00 cvss epss 0.01

    XWiki Commons are technical libraries common to several other top level XWiki projects. The Livetable Macro wasn't properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript. This vulnerability was also exploitable via the Documents…

  • CVE-2023-29206 - Apr 15, 2023
    risk 0.00 cvss epss 0.01

    XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check in the author of a JavaScript xobject or StyleSheet xobject added in an XWiki document, so until now it was possible for a user having only Edit Right to create such object…

  • CVE-2023-29205 - Apr 15, 2023
    risk 0.00 cvss epss 0.01

    XWiki Commons are technical libraries common to several other top level XWiki projects. The HTML macro does not systematically perform a proper neutralization of script-related html tags. As a result, any user able to use the html macro in XWiki, is able to introduce an XSS…
