pkg:maven/org.xwiki.commons/xwiki-commons-xml

Type maven

Namespace org.xwiki.commons

Name xwiki-commons-xml

Known advisories, vulnerabilities and fixes for org.xwiki.commons/xwiki-commons-xml package.

Repository: https://mvnrepository.com/artifact/org.xwiki.commons/xwiki-commons-xml

Critical 5

Moderate 1

Type	Version	Distribution	# CVEs	# Advisory ID	Title	Severity	Published
Affected	>= 15.0-rc-1, < 15.2-rc-1 >= 14.6-rc-1, < 14.10.6		CVE-2023-36471	MAVEN:GHSA-6PQF-C99P-758V	org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted	critical	2023-06-30T20:41:50 (14 months ago)
Fixed	= 15.2-rc-1 = 14.10.6		CVE-2023-36471	MAVEN:GHSA-6PQF-C99P-758V	org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted	critical	2023-06-30T20:41:50 (14 months ago)
Affected	>= 14.5, < 14.7-rc-1 >= 14.0-rc-1, < 14.4.4 >= 3.1-milestone-1, < 13.10.9		CVE-2023-26055	MAVEN:GHSA-8CW6-4R32-6R3H	XWiki Platform may allow privilege escalation to programming rights via user's first name	critical	2023-03-03T22:49:27 (18 months ago)
Fixed	= 14.7-rc-1 = 14.4.4 = 13.10.9		CVE-2023-26055	MAVEN:GHSA-8CW6-4R32-6R3H	XWiki Platform may allow privilege escalation to programming rights via user's first name	critical	2023-03-03T22:49:27 (18 months ago)
Affected	>= 13.5-rc-1, <= 13.7 >= 13.0.0, < 13.4.4 >= 2.7, < 12.10.10		CVE-2022-24898	MAVEN:GHSA-M2R5-4W96-QXG5	Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml	moderate	2022-04-28T19:31:55 (2 years ago)
Fixed	= 13.8-rc-1 = 13.4.4 = 12.10.10		CVE-2022-24898	MAVEN:GHSA-M2R5-4W96-QXG5	Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml	moderate	2022-04-28T19:31:55 (2 years ago)
Affected	>= 4.2-milestone-1, < 14.6-rc-1		CVE-2023-29201	MAVEN:GHSA-M3JR-CVHJ-F35J	org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability	critical	2023-04-12T20:38:17 (17 months ago)
Fixed	= 14.6-rc-1		CVE-2023-29201	MAVEN:GHSA-M3JR-CVHJ-F35J	org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability	critical	2023-04-12T20:38:17 (17 months ago)
Affected	>= 14.6-rc-1, < 14.10.4		CVE-2023-31126	MAVEN:GHSA-PV7V-PH6G-3GXV	Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml	critical	2023-05-09T19:59:31 (16 months ago)
Fixed	= 14.10.4		CVE-2023-31126	MAVEN:GHSA-PV7V-PH6G-3GXV	Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml	critical	2023-05-09T19:59:31 (16 months ago)
Affected	>= 4.2-milestone-1, < 14.10		CVE-2023-29528	MAVEN:GHSA-X37V-36WV-6V6H	Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml	critical	2023-04-20T20:55:02 (17 months ago)
Fixed	= 14.10		CVE-2023-29528	MAVEN:GHSA-X37V-36WV-6V6H	Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml	critical	2023-04-20T20:55:02 (17 months ago)