Xwiki

Xwiki

239 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2023-29522

Exploit
  • EPSS 2.83%
  • Veröffentlicht 19.04.2023 00:15:08
  • Zuletzt bearbeitet 21.11.2024 07:57:13

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unres...

8.8

CVE-2023-29523

Exploit
  • EPSS 16.23%
  • Veröffentlicht 19.04.2023 00:15:08
  • Zuletzt bearbeitet 21.11.2024 07:57:13

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execut...

8.8

CVE-2023-29213

Exploit
  • EPSS 1.07%
  • Veröffentlicht 17.04.2023 22:15:10
  • Zuletzt bearbeitet 21.11.2024 07:56:43

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of `org.xwiki.platform:xwiki-platform-logging-ui` it is possible to trick a user with programming rights into visiting a con...

5.4

CVE-2023-29508

  • EPSS 0.52%
  • Veröffentlicht 16.04.2023 08:15:07
  • Zuletzt bearbeitet 11.04.2025 14:50:31

XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has be...

8.8

CVE-2023-29509

Exploit
  • EPSS 33.33%
  • Veröffentlicht 16.04.2023 08:15:07
  • Zuletzt bearbeitet 21.11.2024 07:57:12

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki inst...

8.8

CVE-2023-29511

Exploit
  • EPSS 2.14%
  • Veröffentlicht 16.04.2023 08:15:07
  • Zuletzt bearbeitet 21.11.2024 07:57:12

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., it's own user page), can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full ac...

8.8

CVE-2023-30537

Exploit
  • EPSS 2.15%
  • Veröffentlicht 16.04.2023 08:15:07
  • Zuletzt bearbeitet 21.11.2024 08:00:22

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with the right to add an object on a page can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the X...

8.8

CVE-2023-29212

Exploit
  • EPSS 9.47%
  • Veröffentlicht 16.04.2023 07:15:53
  • Zuletzt bearbeitet 21.11.2024 07:56:43

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is impro...

8.8

CVE-2023-29214

Exploit
  • EPSS 8.15%
  • Veröffentlicht 16.04.2023 07:15:53
  • Zuletzt bearbeitet 21.11.2024 07:56:43

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is impro...

6.1

CVE-2023-29506

Exploit
  • EPSS 47.88%
  • Veröffentlicht 16.04.2023 07:15:53
  • Zuletzt bearbeitet 21.11.2024 07:57:11

XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10.