CVE-2007-4898
- EPSS 0.05%
- Veröffentlicht 14.09.2007 18:17:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1 Enterprise RC2 allows remote authenticated users, with administrative access to one wiki in a multiwiki environment, to obtain sensitive information via unknown attack vectors. NO...
CVE-2006-7223
- EPSS 0.42%
- Veröffentlicht 14.09.2007 00:17:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a docume...
CVE-2007-4888
- EPSS 0.05%
- Veröffentlicht 14.09.2007 00:17:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents vi...
- EPSS 0.07%
- Veröffentlicht 31.12.2005 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password.