Unknown · XWiki Platform · CVE-2024-45591
**Name of the Vulnerable Software and Affected Versions**
XWiki versions prior to 15.10.9
XWiki versions prior to 16.3.0RC1
**Description**
The XWiki Platform, a generic wiki platform, has an issue where its REST API exposes the history of any page if an attacker knows the page name. The exposed information includes the time of modification, version number, author (username and displayed name), and version comment for each page modification. This disclosure occurs regardless of permission settings, even on fully private wikis. The issue can be tested by accessing the `/xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history` API endpoint. If the history of the main page is displayed, the installation is affected.
**Recommendations**
For XWiki versions prior to 15.10.9, upgrade to version 15.10.9 or later.
For XWiki versions prior to 16.3.0RC1, upgrade to version 16.3.0RC1 or later.