cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-37908,https://securityvulnerability.io/vulnerability/CVE-2023-37908,org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability,"A vulnerability in XWiki Rendering enables the injection of arbitrary HTML through improper cleaning of attributes during XHTML rendering. This flaw, introduced in version 14.6-rc-1, can be exploited via malicious links in XWiki-compatible content, executing arbitrary JavaScript in the context of the user's session. If the targeted user holds programming rights, this could lead to server-side code execution, compromising the confidentiality, integrity, and availability of the XWiki instance. The issue has been addressed in versions 14.10.4 and 15.0 RC1 by improving attribute validation and removal of disallowed characters. Upgrading to these versions is essential to mitigate the risk.",xwiki,xwiki-rendering,9.6,CRITICAL,0.002240000059828162,false,,false,false,false,,,false,false,,2023-10-25T18:17:00.000Z,0
CVE-2023-37912,https://securityvulnerability.io/vulnerability/CVE-2023-37912,XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro,"The vulnerability in XWiki Rendering allows the footnote macro to execute content in a different context than intended. This misconfiguration can lead to privilege escalation from a user account to programming rights, enabling remote code execution. The flaw particularly arises when combined with the include macro, posing significant risks to the confidentiality, integrity, and availability of entire XWiki installations. Users are urged to upgrade to XWiki versions 14.10.6 or 15.1-rc-1 to mitigate the risk, as there are no workarounds available.",Xwiki,Xwiki-rendering,10,CRITICAL,0.0028800000436604023,false,,false,false,false,,,false,false,,2023-10-25T18:17:00.000Z,0
CVE-2023-32070,https://securityvulnerability.io/vulnerability/CVE-2023-32070,Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers,"The XWiki Platform, a widely used generic wiki solution, contains a vulnerability in its HTML rendering mechanism prior to version 14.6-rc-1. This flaw allows attackers to inject malicious scripts into web pages through unsafe attributes and link URLs, facilitating Cross-Site Scripting (XSS) attacks. Users are encouraged to upgrade to the latest version, 14.6-rc-1 or later, to mitigate the risk. No known workarounds exist, thus immediate action is recommended to secure affected installations.",Xwiki,Xwiki-rendering,6.1,MEDIUM,0.0009800000116229057,false,,false,false,false,,,false,false,,2023-05-10T18:15:00.000Z,0