CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21648 – XWiki has no right protection on rollback action
https://notcve.org/view.php?id=CVE-2024-21648
08 Jan 2024 — XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection, a user can rollback to a previous version of the page to gain rights they don't have anymore. The problem has been patched in XWiki 14.10.17, 15.5.3 and 15.8-rc-1 by ensuring that the rights are checked before performing the rollback. XWiki Platform es una plataforma wiki genérica que ofrece servicios de ejecución para aplicaciones creadas sobre ella. A ... • https://github.com/xwiki/xwiki-platform/commit/4de72875ca49602796165412741033bfdbf1e680 • CWE-274: Improper Handling of Insufficient Privileges •
CVSS: 10.0EPSS: 93%CPEs: 3EXPL: 2CVE-2024-21650 – XWiki Remote Code Execution vulnerability via user registration
https://notcve.org/view.php?id=CVE-2024-21650
08 Jan 2024 — XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user registration enabled for guests. This vulnerability has been patched in XWiki 14.10.17, 15.5.3 and 15.8 RC1... • https://github.com/codeb0ss/CVE-2024-21650-PoC • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 5.3EPSS: 30%CPEs: 5EXPL: 0CVE-2023-50720 – XWiki Platform Solr search discloses email addresses of users
https://notcve.org/view.php?id=CVE-2023-50720
15 Dec 2023 — XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki's regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability. • https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48293 – XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries
https://notcve.org/view.php?id=CVE-2023-48293
20 Nov 2023 — The XWiki Admin Tools Application provides tools to help the administration of XWiki. Prior to version 4.5.1, a cross-site request forgery vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allows modifying and deleting all data of the wiki. This could be both used to damage the wiki and to create an account with elevated privileges for the attacker, thus impacting the confidentiality, integrity and availab... • https://github.com/xwiki-contrib/application-admintools/commit/45298b4fbcafba6914537dcdd798a1e1385f9e46 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 57%CPEs: 2EXPL: 1CVE-2023-46731 – Remote code execution through the section parameter in Administration as guest in XWiki Platform
https://notcve.org/view.php?id=CVE-2023-46731
06 Nov 2023 — XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document `XWiki.AdminSheet` (by default, everyone including unauthenticated users) to execute code including Groovy code. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This vulnerability has been p... • https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 9.0EPSS: 3%CPEs: 9EXPL: 1CVE-2023-40573 – XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution
https://notcve.org/view.php?id=CVE-2023-40573
24 Aug 2023 — XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a document doesn't modify the content author. Together with a CSRF vulnerability in the job scheduler, this can be exploited for remote code execution by an attacker with edit right on the wiki. • https://github.com/xwiki/xwiki-platform/commit/fcdcfed3fe2e8a3cad66ae0610795a2d58ab9662 • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 1%CPEs: 9EXPL: 1CVE-2023-40572 – XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action
https://notcve.org/view.php?id=CVE-2023-40572
24 Aug 2023 — XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message `ERROR foo - Script executed!` appears in the log, the XWiki installation is vulnerable. This... • https://github.com/xwiki/xwiki-platform/commit/4b20528808d0c311290b0d9ab2cfc44063380ef7 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.4EPSS: 1%CPEs: 2EXPL: 0CVE-2023-35157 – XWiki Platform vulnerable to reflected cross-site scripting via delattachment action
https://notcve.org/view.php?id=CVE-2023-35157
23 Jun 2023 — XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to perform an XSS by forging a request to a delete attachment action with a specific attachment name. Now this XSS can be exploited only if the attacker knows the CSRF token of the user, or if the user ignores the warning about the missing CSRF token. The vulnerability has been patched in XWiki 15.1-rc-1 and XWiki 14.10.6. • https://github.com/xwiki/xwiki-platform/commit/35e9073ffec567861e0abeea072bd97921a3decf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 8.8EPSS: 34%CPEs: 2EXPL: 1CVE-2023-35155 – XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email
https://notcve.org/view.php?id=CVE-2023-35155
23 Jun 2023 — XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). For instance, the following URL execute an `alter` on the browser: `
CVSS: 6.4EPSS: 47%CPEs: 2EXPL: 0CVE-2023-32068 – URL Redirection to Untrusted Site in XWiki
https://notcve.org/view.php?id=CVE-2023-32068
15 May 2023 — XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 14.10.4 it's possible to exploit well known parameters in XWiki URLs to perform redirection to untrusted site. This vulnerability was partially fixed in the past for XWiki 12.10.7 and 13.3RC1 but there is still the possibility to force specific URLs to skip some checks, e.g. using URLs like `http:example.com` in the parameter would allow the redirect. The issue has now been patched a... • https://github.com/xwiki/xwiki-platform/commit/e4f7f68e93cb08c25632c126356d218abf192d1e • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •