7.5

CVSS3.1

CVE-2024-52298 - macro-pdfviewer's preview in WYSIWYG editor allows accessing any PDF document as the last author

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs t…

📅 Published: Nov. 13, 2024, 3:42 p.m. 🔄 Last Modified: Nov. 18, 2024, 5:29 p.m.

5.3

CVSS4.0

CVE-2024-11175 - Public CMS Voting Management save cross site scripting

A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been…

📅 Published: Nov. 13, 2024, 3:31 p.m. 🔄 Last Modified: Nov. 15, 2024, 10:50 p.m.

7.5

CVSS3.1

CVE-2024-52299 - The PDF viewer macro allows accessing any attachment without access right checks

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki, because the "key" that is passed to prevent this is computed incorrectly: calling skip on the digest stream doesn't update the digest. Thi…

📅 Published: Nov. 13, 2024, 3:29 p.m. 🔄 Last Modified: Nov. 18, 2024, 5:29 p.m.

9.1

CVSS3.1

CVE-2024-52300 - macro-pdfviewer has a XSS through the width parameter

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visit…

📅 Published: Nov. 13, 2024, 3:24 p.m. 🔄 Last Modified: Nov. 18, 2024, 5:29 p.m.

7.1

CVSS3.1

CVE-2024-7295 - Hard-coded credentials used for temporary and cache data encryption

In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.

📅 Published: Nov. 13, 2024, 3:22 p.m. 🔄 Last Modified: Nov. 18, 2024, 5:41 p.m.

6.5

CVSS3.1

CVE-2024-8049 - Telerik Document Processing Improper Handling of Memory Resources

In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing and excessive use of computing resources, leaving the application process unavailable.

📅 Published: Nov. 13, 2024, 3:20 p.m. 🔄 Last Modified: Nov. 18, 2024, 5:46 p.m.

6.5

CVSS3.1

CVE-2024-52305 - UnoPim Stored XSS : Cookie hijacking through Create User function

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an em…

📅 Published: Nov. 13, 2024, 3:20 p.m. 🔄 Last Modified: Nov. 19, 2024, 6:04 p.m.

7.8

CVSS3.1

CVE-2024-10012 - Progress UI for WPF format provider unsafe deserialization vulnerability

In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability.

📅 Published: Nov. 13, 2024, 3:19 p.m. 🔄 Last Modified: Jan. 7, 2025, 3:59 p.m.

7.8

CVSS3.1

CVE-2024-10013 - Progress UI for WinForms format provider unsafe deserialization vulnerability

In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability.

📅 Published: Nov. 13, 2024, 3:17 p.m. 🔄 Last Modified: July 3, 2025, 6:30 p.m.

7.7

CVSS3.1

CVE-2024-52306 - FileManager Deserialization of Untrusted Data

FileManager provides a Backpack admin interface for files and folders. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9.

📅 Published: Nov. 13, 2024, 3:15 p.m. 🔄 Last Modified: Nov. 19, 2024, 3:02 p.m.