高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| xwiki | xwiki-platform | >= 12.0-rc-1, < 14.10.12 | - |
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|---|---|---|
| 1 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflected cross-site scripting attack in the page creation form. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-45136.yaml | POC詳細 |
公開POCは見つかりませんでした。
ログインしてAI POCを生成| CVE-2023-37913 | 10.0 CRITICAL | org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file |
| CVE-2023-37912 | 10.0 CRITICAL | XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro |
| CVE-2023-37909 | 10.0 CRITICAL | Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet |
| CVE-2023-45137 | 9.1 CRITICAL | XWiki Platform XSS with edit right in the create document form for existing pages |
| CVE-2023-45135 | 9.1 CRITICAL | XWiki users can be tricked to execute scripts as the create page action doesn't display th |
| CVE-2023-45134 | 9.1 CRITICAL | XWiki Platform XSS vulnerability from account in the create page form via template provide |
| CVE-2023-37908 | 9.1 CRITICAL | org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in I |
| CVE-2023-37910 | 8.1 HIGH | org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on At |
| CVE-2023-37911 | 6.5 MEDIUM | org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created doc |
まだコメントはありません