
CVSS: 8.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a rights check, so a user can roll back to a previous version of the page to gain rights they no longer have. The problem has been patched in XWiki 14.10.17, 15.5.3 and 15.8-rc-1 by ensuring that the rights are checked before performing the rollback.
• https://github.com/xwiki/xwiki-platform/commit/4de72875ca49602796165412741033bfdbf1e680
• https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xh35-w7wg-95v3
• https://jira.xwiki.org/browse/XWIKI-21257
• CWE-274: Improper Handling of Insufficient Privileges

CVSS: 10.0 | EPSS: 94% | CPEs: 3 | EXPL: 2

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user registration enabled for guests. This vulnerability has been patched in XWiki 14.10.17, 15.5.3 and 15.8 RC1.
• https://github.com/codeb0ss/CVE-2024-21650-PoC
• https://github.com/xwiki/xwiki-platform/commit/b290bfd573c6f7db6cc15a88dd4111d9fcad0d31
• https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rj7p-xjv7-7229
• https://jira.xwiki.org/browse/XWIKI-21173
• CWE-94: Improper Control of Generation of Code ('Code Injection')
• CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CVSS: 5.3 | EPSS: 0% | CPEs: 5 | EXPL: 0

XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki's regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability.
• https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea
• https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2grh-gr37-2283
• https://jira.xwiki.org/browse/XWIKI-20371
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

The XWiki Admin Tools Application provides tools to help the administration of XWiki. Prior to version 4.5.1, a cross-site request forgery vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allows modifying and deleting all data of the wiki. This could be used both to damage the wiki and to create an account with elevated privileges for the attacker, thus impacting the confidentiality, integrity and availability of the whole XWiki instance. A possible attack vector is comments on the wiki, by embedding an image with wiki syntax like `[[image:path:/xwiki/bin/view/Admin/QueryOnXWiki?
• https://github.com/xwiki-contrib/application-admintools/commit/45298b4fbcafba6914537dcdd798a1e1385f9e46
• https://github.com/xwiki-contrib/application-admintools/security/advisories/GHSA-4f4c-rhjv-4wgv
• https://jira.xwiki.org/browse/ADMINTOOL-92
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.9 | EPSS: 0% | CPEs: 2 | EXPL: 0

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for a user to execute any content with the rights of an existing document's content author, provided the user has edit right on it. A crafted URL of the form `/xwiki/bin/edit//?content=%7B%7Bgroovy%7D%7Dprintln%28%22Hello+from+Groovy%21%22%29%7B%7B%2Fgroovy%7D%7D&xpage=view` can be used to execute arbitrary Groovy code on the server. This vulnerability has been patched in XWiki versions 14.10.6 and 15.2RC1.
• https://github.com/xwiki/xwiki-platform/commit/a0e6ca083b36be6f183b9af33ae735c1e02010f4
• https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g2qq-c5j9-5w5w
• https://jira.xwiki.org/browse/XWIKI-20385
• CWE-94: Improper Control of Generation of Code ('Code Injection')