exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 3

CVE-2023-29213

почти 3 года назад

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of `org.xwiki.platform:xwiki-platform-logging-ui` it is possible to trick a user with programming rights into visiting a constructed url where e.g., by embedding an image with this URL in a document that is viewed by a user with programming rights which will evaluate an expression in the constructed url and execute it. This issue has been addressed in versions 13.10.11, 14.4.7, and 14.10. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS3: 9

EPSS: Низкий

GHSA-4655-wh7v-3vmg

почти 3 года назад

org.xwiki.platform:xwiki-platform-logging-ui Eval Injection vulnerability

CVSS3: 9

EPSS: Низкий

BDU:2024-00972

почти 3 года назад

Уязвимость платформы создания совместных веб-приложений XWiki Platform XWiki, связанная с недостаточной проверкой подлинности выполняемых запросов, позволяющая нарушителю подменить отображаемый URL

CVSS3: 8.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2023-29213 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of `org.xwiki.platform:xwiki-platform-logging-ui` it is possible to trick a user with programming rights into visiting a constructed url where e.g., by embedding an image with this URL in a document that is viewed by a user with programming rights which will evaluate an expression in the constructed url and execute it. This issue has been addressed in versions 13.10.11, 14.4.7, and 14.10. Users are advised to upgrade. There are no known workarounds for this vulnerability.	CVSS3: 9	1% Низкий	почти 3 года назад
GHSA-4655-wh7v-3vmg org.xwiki.platform:xwiki-platform-logging-ui Eval Injection vulnerability	CVSS3: 9	1% Низкий	почти 3 года назад
BDU:2024-00972 Уязвимость платформы создания совместных веб-приложений XWiki Platform XWiki, связанная с недостаточной проверкой подлинности выполняемых запросов, позволяющая нарушителю подменить отображаемый URL	CVSS3: 8.8	1% Низкий	почти 3 года назад

Уязвимостей на страницу