Xwiki

Xwiki

239 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2023-29522

Exploit
  • EPSS 2.83%
  • Published 19.04.2023 00:15:08
  • Last modified 21.11.2024 07:57:13

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unres...

8.8

CVE-2023-29523

Exploit
  • EPSS 16.23%
  • Published 19.04.2023 00:15:08
  • Last modified 21.11.2024 07:57:13

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execut...

8.8

CVE-2023-29213

Exploit
  • EPSS 1.07%
  • Published 17.04.2023 22:15:10
  • Last modified 21.11.2024 07:56:43

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of `org.xwiki.platform:xwiki-platform-logging-ui` it is possible to trick a user with programming rights into visiting a con...

5.4

CVE-2023-29508

  • EPSS 0.52%
  • Published 16.04.2023 08:15:07
  • Last modified 11.04.2025 14:50:31

XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has be...

8.8

CVE-2023-29509

Exploit
  • EPSS 33.33%
  • Published 16.04.2023 08:15:07
  • Last modified 21.11.2024 07:57:12

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki inst...

8.8

CVE-2023-29511

Exploit
  • EPSS 2.14%
  • Published 16.04.2023 08:15:07
  • Last modified 21.11.2024 07:57:12

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., it's own user page), can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full ac...

8.8

CVE-2023-30537

Exploit
  • EPSS 2.15%
  • Published 16.04.2023 08:15:07
  • Last modified 21.11.2024 08:00:22

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with the right to add an object on a page can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the X...

8.8

CVE-2023-29212

Exploit
  • EPSS 9.47%
  • Published 16.04.2023 07:15:53
  • Last modified 21.11.2024 07:56:43

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is impro...

8.8

CVE-2023-29214

Exploit
  • EPSS 8.15%
  • Published 16.04.2023 07:15:53
  • Last modified 21.11.2024 07:56:43

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is impro...

6.1

CVE-2023-29506

Exploit
  • EPSS 47.88%
  • Published 16.04.2023 07:15:53
  • Last modified 21.11.2024 07:57:11

XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10.