all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2023-29210 (xwiki)

Add to bookmarks
April 15, 2023, 5:15 p.m. |

National Vulnerability Database web.nvd.nist.gov

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the notification preferences macros can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the user parameter of the macro that provide the notification filters. These macros are used in the user profiles and thus installed by default in XWiki. The vulnerability …

access code commons cve documents installation macro macros notification parameter profiles projects python rights root technical vulnerability

Visit resource

More from web.nvd.nist.gov / National Vulnerability Database

CVE-2023-45955 (lightstrip_firmware) 6 months ago | web.nvd.nist.gov
attackers cve denial of service issue +1
CVE-2023-40101 (android) 6 months ago | web.nvd.nist.gov
android check collapse cve +7
CVE-2023-21377 (android) 6 months ago | web.nvd.nist.gov
android bypass cve disclosure +8
CVE-2023-21380 (android) 6 months ago | web.nvd.nist.gov
android bluetooth buffer buffer overflow +9
CVE-2023-21382 (android) 6 months ago | web.nvd.nist.gov
access android check cve +11
CVE-2023-21381 (android) 6 months ago | web.nvd.nist.gov
android arbitrary code code code execution +10
CVE-2023-21385 (android) 6 months ago | web.nvd.nist.gov
android corruption cve disclosure +7
CVE-2023-21387 (android) 6 months ago | web.nvd.nist.gov
android backup bypass cve +11
CVE-2023-21389 (android) 6 months ago | web.nvd.nist.gov
android bypass check cve +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Lead Security Specialist

@ Fujifilm | Holly Springs, NC, United States
View on infosec-jobs.com

Security Operations Centre Analyst

@ Deliveroo | Hyderabad, India (Main Office)
View on infosec-jobs.com

CISOC Analyst

@ KCB Group | Kenya
View on infosec-jobs.com

Lead Security Engineer – Red Team/Offensive Security

@ FICO | Work from Home, United States
View on infosec-jobs.com

Cloud Security SME

@ Maveris | Washington, District of Columbia, United States - Remote
View on infosec-jobs.com

SOC Analyst (m/w/d)

@ Bausparkasse Schwäbisch Hall | Schwäbisch Hall, DE
View on infosec-jobs.com
View more jobs