Count: 3
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2023-29519 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own dashboard. Note that the vulnerability does not impact comments of a wiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.8, 14.10.2, 15.0-rc-1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS3: 9 | 16% Medium | almost 3 years ago |
| GHSA-3hjg-cghv-22ww org.xwiki.platform:xwiki-platform-attachment-ui vulnerable to Code Injection | CVSS3: 8.8 | 16% Medium | almost 3 years ago |
| BDU:2024-01253 A vulnerability in XWiki Platform, a platform for building collaborative web applications, exists due to a failure to neutralize special elements and allows an attacker to execute arbitrary code | CVSS3: 9 | 16% Medium | almost 3 years ago |