CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21648 – XWiki has no right protection on rollback action
https://notcve.org/view.php?id=CVE-2024-21648
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection, a user can rollback to a previous version of the page to gain rights they don't have anymore. The problem has been patched in XWiki 14.10.17, 15.5.3 and 15.8-rc-1 by ensuring that the rights are checked before performing the rollback. XWiki Platform es una plataforma wiki genérica que ofrece servicios de ejecución para aplicaciones creadas sobre ella. A la acción de reversión le falta una protección adecuada, un usuario puede retroceder a una versión anterior de la página para obtener derechos que ya no tiene. • https://github.com/xwiki/xwiki-platform/commit/4de72875ca49602796165412741033bfdbf1e680 https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xh35-w7wg-95v3 https://jira.xwiki.org/browse/XWIKI-21257 • CWE-274: Improper Handling of Insufficient Privileges •
CVSS: 10.0EPSS: 94%CPEs: 3EXPL: 2CVE-2024-21650 – XWiki Remote Code Execution vulnerability via user registration
https://notcve.org/view.php?id=CVE-2024-21650
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user registration enabled for guests. This vulnerability has been patched in XWiki 14.10.17, 15.5.3 and 15.8 RC1. • https://github.com/codeb0ss/CVE-2024-21650-PoC https://github.com/xwiki/xwiki-platform/commit/b290bfd573c6f7db6cc15a88dd4111d9fcad0d31 https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rj7p-xjv7-7229 https://jira.xwiki.org/browse/XWIKI-21173 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 9.9EPSS: 0%CPEs: 5EXPL: 0CVE-2023-50723 – XWiki Platform remote code execution/programming rights with configuration section from any user account
https://notcve.org/view.php?id=CVE-2023-50723
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the administration interface. This impacts the confidentiality, integrity and availability of the whole XWiki installation. Normally, all users are allowed to edit their own user profile so this should be exploitable by all users of the XWiki instance. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. • https://github.com/xwiki/xwiki-platform/commit/0f367aaae4e0696f61cf5a67a75edd27d1d16db6 https://github.com/xwiki/xwiki-platform/commit/1157c1ecea395aac7f64cd8a6f484b1225416dc7 https://github.com/xwiki/xwiki-platform/commit/749f6aee1bfbcf191c3734ea0aa9eba3aa63240e https://github.com/xwiki/xwiki-platform/commit/bd82be936c21b65dee367d558e3050b9b6995713 https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qj86-p74r-7wp5 https://jira.xwiki.org/browse/XWIKI-21121 https://jira.xwiki.org/browse/XWIKI-21122 https://jira.xwiki.org/browse& • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 9.6EPSS: 0%CPEs: 5EXPL: 0CVE-2023-50722 – XWiki Platform XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass
https://notcve.org/view.php?id=CVE-2023-50722
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter is only executed when the user who is visiting the crafted URL has edit right on at least one configuration section. While any user of the wiki could easily create such a section, this vulnerability doesn't require the attacker to have an account or any access on the wiki. It is sufficient to trick any admin user of the XWiki installation to visit the crafted URL. • https://github.com/xwiki/xwiki-platform/commit/5e14c8d08fd0c5b619833d35090b470aa4cb52b0 https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cp3j-273x-3jxc https://jira.xwiki.org/browse/XWIKI-21167 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-50720 – XWiki Platform Solr search discloses email addresses of users
https://notcve.org/view.php?id=CVE-2023-50720
XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki's regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability. • https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2grh-gr37-2283 https://jira.xwiki.org/browse/XWIKI-20371 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •