Xwiki

Xwiki

244 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2023-29511

Exploit
  • EPSS 1.78%
  • Veröffentlicht 16.04.2023 08:15:07
  • Zuletzt bearbeitet 21.11.2024 07:57:12

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., it's own user page), can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full ac...

8.8

CVE-2023-30537

Exploit
  • EPSS 1.79%
  • Veröffentlicht 16.04.2023 08:15:07
  • Zuletzt bearbeitet 21.11.2024 08:00:22

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with the right to add an object on a page can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the X...

8.8

CVE-2023-29212

Exploit
  • EPSS 7.16%
  • Veröffentlicht 16.04.2023 07:15:53
  • Zuletzt bearbeitet 21.11.2024 07:56:43

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is impro...

8.8

CVE-2023-29214

Exploit
  • EPSS 6.14%
  • Veröffentlicht 16.04.2023 07:15:53
  • Zuletzt bearbeitet 21.11.2024 07:56:43

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is impro...

6.1

CVE-2023-29506

Exploit
  • EPSS 38.06%
  • Veröffentlicht 16.04.2023 07:15:53
  • Zuletzt bearbeitet 21.11.2024 07:57:11

XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10.

7.2

CVE-2023-29507

  • EPSS 0.85%
  • Veröffentlicht 16.04.2023 07:15:53
  • Zuletzt bearbeitet 06.02.2025 17:15:16

XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of sc...

8.8

CVE-2023-29211

Exploit
  • EPSS 7.16%
  • Veröffentlicht 16.04.2023 07:15:52
  • Zuletzt bearbeitet 21.11.2024 07:56:43

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights `WikiManager.DeleteWiki` can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation...

8.8

CVE-2023-29209

Exploit
  • EPSS 2.13%
  • Veröffentlicht 15.04.2023 17:15:07
  • Zuletzt bearbeitet 21.11.2024 07:56:43

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code ...

8.8

CVE-2023-29210

Exploit
  • EPSS 6.94%
  • Veröffentlicht 15.04.2023 17:15:07
  • Zuletzt bearbeitet 21.11.2024 07:56:43

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the notification preferences macros can execute arbitrary Groovy, Python or Velocity code in ...

5.3

CVE-2023-29203

Exploit
  • EPSS 0.18%
  • Veröffentlicht 15.04.2023 16:15:07
  • Zuletzt bearbeitet 21.11.2024 07:56:42

XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with `uorgsuggest.vm`....