CVE-2023-36471
- EPSS 0.6%
- Published 29.06.2023 20:15:10
- Last modified 21.11.2024 08:09:46
XWiki Commons are the common modules used by other XWiki top level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to ...
- EPSS 4.79%
- Published 20.04.2023 18:15:07
- Last modified 21.11.2024 07:57:14
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of ar...
CVE-2023-26055
- EPSS 0.87%
- Published 02.03.2023 19:15:10
- Last modified 21.11.2024 07:50:40
XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be executed with programming right. The same vulnerabi...
CVE-2022-24898
- EPSS 0.13%
- Published 28.04.2022 20:15:07
- Last modified 21.11.2024 06:51:20
org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessible to the user running...