Description
XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated call to `LiveTableResults` and `WikisLiveTableResultsMacros`. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or in version >= 3.2M3 by applying the patch manually on `LiveTableResults` and `WikisLiveTableResultsMacros`.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4279)
Django DEPRECATED: Code Vulnerability (CVE-2015-0222)
MySQL CVE-2016-0597 Vulnerability (CVE-2016-0597)
WordPress Plugin Post Views Counter Cross-Site Scripting (1.3.4)
WordPress Plugin Passster-Password Protection Security Bypass (3.5.5.8)