Majkelstick

#18393 of 53,630
14.7 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2026-42215
9.3
2026-05-20
Xwiki · Xwiki Platform · CVE-2026-23734
**Name of the Vulnerable Software and Affected Versions**

- XWiki Platform versions prior to 18.1.0-rc-1
- XWiki Platform versions prior to 17.10.3
- XWiki Platform versions prior to 17.4.9
- XWiki Platform versions prior to 16.10.17

**Description**

Path Traversal allows unauthorized access to read configuration files. This occurs via the `resource` parameter in the `ssx` and `jsx` endpoints by using leading slashes, enabling an attacker to access sensitive files such as `xwiki.cfg`.

**Recommendations**

- Update to version 18.1.0-rc-1.
- Update to version 17.10.3.
- Update to version 17.4.9.
- Update to version 16.10.17.

PT-2025-8690
5.4
2025-02-26
Acquia · Mautic · CVE-2022-25773
**Name of the Vulnerable Software and Affected Versions**

The product name cannot be determined.

**Description**

A file placement issue exists, allowing assets to be uploaded to unintended server directories. This is due to improper limitation of a pathname to a restricted directory, specifically in the asset upload functionality. This enables users to upload files outside of the intended temporary directory.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.