Vulnerabilities for 'Xwiki'

2018-09-27
 
CVE-2018-16277

CWE-79
 

 
The Image Import function in XWiki through 10.7 has XSS.

 
2010-12-30
 
CVE-2010-4642

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 
 
CVE-2010-4641

CWE-89
 

 
SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

 
2007-09-14
 
CVE-2007-4898

CWE-noinfo
 

 
Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1 Enterprise RC2 allows remote authenticated users, with administrative access to one wiki in a multiwiki environment, to obtain sensitive information via unknown attack vectors. NOTE: Some of these details are obtained from third party information.

 
2007-09-13
 
CVE-2007-4888

CWE-DesignError
 

 
The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribute of the doc variable.

 
 
CVE-2006-7223

CWE-264
 

 
PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document.

 
2005-12-31
 
CVE-2005-4862

 

 
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password.

Vendor: Xwiki, 4 products
Xwiki
Xwiki watch
Xwiki enterprise
Cryptpad


Copyright 2020, cxsecurity.com

 
