Xwiki

Xwiki

248 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2023-36469

Exploit
  • EPSS 82.71%
  • Veröffentlicht 29.06.2023 21:15:09
  • Zuletzt bearbeitet 21.11.2024 08:09:46

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros tha...

8.8

CVE-2023-36470

Exploit
  • EPSS 1.67%
  • Veröffentlicht 29.06.2023 21:15:09
  • Zuletzt bearbeitet 21.11.2024 08:09:46

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By either creating a new or editing an existing document with an icon set, an attacker can inject XWiki syntax and Velocity code that is executed...

6.1

CVE-2023-35155

Exploit
  • EPSS 1.5%
  • Veröffentlicht 23.06.2023 19:15:09
  • Zuletzt bearbeitet 21.11.2024 08:08:03

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). For instance, the following URL execute an `alter`...

6.1

CVE-2023-35156

  • EPSS 2.08%
  • Veröffentlicht 23.06.2023 19:15:09
  • Zuletzt bearbeitet 21.11.2024 08:08:03

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the delete template to pe...

4.8

CVE-2023-35157

  • EPSS 0.63%
  • Veröffentlicht 23.06.2023 19:15:09
  • Zuletzt bearbeitet 21.11.2024 08:08:03

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to perform an XSS by forging a request to a delete attachment action with a specific attachment name. Now this XSS can be exploited...

6.1

CVE-2023-35158

  • EPSS 2.05%
  • Veröffentlicht 23.06.2023 19:15:09
  • Zuletzt bearbeitet 21.11.2024 08:08:03

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the restore template to p...

6.1

CVE-2023-35159

  • EPSS 2.18%
  • Veröffentlicht 23.06.2023 19:15:09
  • Zuletzt bearbeitet 21.11.2024 08:08:03

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the deletespace template ...

6.1

CVE-2023-35160

  • EPSS 2.27%
  • Veröffentlicht 23.06.2023 19:15:09
  • Zuletzt bearbeitet 21.11.2024 08:08:03

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the resubmit template to ...

6.1

CVE-2023-35161

  • EPSS 2.38%
  • Veröffentlicht 23.06.2023 19:15:09
  • Zuletzt bearbeitet 21.11.2024 08:08:03

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the DeleteApplication pag...

6.1

CVE-2023-35162

  • EPSS 2.4%
  • Veröffentlicht 23.06.2023 19:15:09
  • Zuletzt bearbeitet 21.11.2024 08:08:04

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the previewactions templa...