Xwiki Change Request vulnerabilities
2 known vulnerabilities affecting xwiki/change_request.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2023-45138P2CRITICALCVSS 9.6≥ 0.11, < 1.9.22023-10-12
CVE-2023-45138 [CRITICAL] CWE-79 CVE-2023-45138: Change Request is an pplication allowing users to request changes on a wiki without publishing the c
Change Request is an pplication allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it's possible for a user without any specific right to perform script injection and remote code execution just by inserting an appropriate title when creating a new Change Request.
nvd
CVE-2023-49280P3MEDIUMCVSS 6.5≥ 0.1, < 1.102023-12-04
CVE-2023-49280 [MEDIUM] CWE-522 CVE-2023-49280: XWiki Change Request is an XWiki application allowing to request changes on a wiki without publishin
XWiki Change Request is an XWiki application allowing to request changes on a wiki without publishing directly the changes. Change request allows to edit any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an attacker to obtain password hash of users by performing an edit on the user p
nvd