pkg:maven/org.xwiki.platform/xwiki-platform-administration-ui

Type maven

Namespace org.xwiki.platform

Name xwiki-platform-administration-ui

Known advisories, vulnerabilities and fixes for org.xwiki.platform/xwiki-platform-administration-ui package.

Repository: https://mvnrepository.com/artifact/org.xwiki.platform/xwiki-platform-administration-ui

Critical 7

High 2

Moderate 1

Type	Version	# CVEs	# Advisory ID	Title	Severity	Published
Affected	>= 4.3-milestone-2, < 14.10.2	CVE-2023-29510	MAVEN:GHSA-4V38-964C-XJMW	Code injection via unescaped translations in xwiki-platform	critical	2023-04-19T18:26:35 (17 months ago)
Fixed	= 14.10.2	CVE-2023-29510	MAVEN:GHSA-4V38-964C-XJMW	Code injection via unescaped translations in xwiki-platform	critical	2023-04-19T18:26:35 (17 months ago)
Affected	>= 15.0-rc-1, < 15.5.1 < 14.10.14	CVE-2023-46731	MAVEN:GHSA-62PR-QQF7-HH89	XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest	critical	2023-11-08T14:51:06 (10 months ago)
Fixed	= 15.5.1 = 14.10.14	CVE-2023-46731	MAVEN:GHSA-62PR-QQF7-HH89	XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest	critical	2023-11-08T14:51:06 (10 months ago)
Affected	>= 14.5, < 14.10.1 >= 14.0-rc-1, < 14.4.8 >= 4.2-milestone-1, < 13.10.11	CVE-2023-29514	MAVEN:GHSA-9J36-3CP4-RH4J	XWiki vulnerable to Code Injection in template provider administration	critical	2023-04-20T21:46:57 (17 months ago)
Fixed	= 14.10.1 = 14.4.8 = 13.10.11	CVE-2023-29514	MAVEN:GHSA-9J36-3CP4-RH4J	XWiki vulnerable to Code Injection in template provider administration	critical	2023-04-20T21:46:57 (17 months ago)
Affected	>= 15.6-rc-1, < 15.7-rc-1 >= 15.0-rc-1, < 15.5.2 >= 2.3, < 14.10.15	CVE-2023-50722	MAVEN:GHSA-CP3J-273X-3JXC	XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass	critical	2023-12-16T00:39:39 (9 months ago)
Fixed	= 15.7-rc-1 = 15.5.2 = 14.10.15	CVE-2023-50722	MAVEN:GHSA-CP3J-273X-3JXC	XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass	critical	2023-12-16T00:39:39 (9 months ago)
Affected	>= 3.1-milestone-1, <= 13.0	CVE-2022-23616	MAVEN:GHSA-MGJW-2WRP-R535	Remote code execution in xwiki-platform	high	2022-02-09T21:32:10 (2 years ago)
Fixed	= 13.1RC1	CVE-2022-23616	MAVEN:GHSA-MGJW-2WRP-R535	Remote code execution in xwiki-platform	high	2022-02-09T21:32:10 (2 years ago)
Affected	>= 15.6-rc-1, < 15.7-rc-1 >= 15.0-rc-1, < 15.5.2 >= 2.3, < 14.10.15	CVE-2023-50723	MAVEN:GHSA-QJ86-P74R-7WP5	Remote code execution/programming rights with configuration section from any user account	critical	2023-12-16T00:40:04 (9 months ago)
Fixed	= 15.7-rc-1 = 15.5.2 = 14.10.15	CVE-2023-50723	MAVEN:GHSA-QJ86-P74R-7WP5	Remote code execution/programming rights with configuration section from any user account	critical	2023-12-16T00:40:04 (9 months ago)
Affected	>= 14.5, < 14.10.1 >= 14.0-rc-1, < 14.4.8 >= 1.5M2, < 13.10.11	CVE-2023-29511	MAVEN:GHSA-RFH6-MG6H-H668	xwiki-platform-administration-ui vulnerable to privilege escalation	critical	2023-04-12T20:36:56 (17 months ago)
Fixed	= 14.10.1 = 14.4.8 = 13.10.11	CVE-2023-29511	MAVEN:GHSA-RFH6-MG6H-H668	xwiki-platform-administration-ui vulnerable to privilege escalation	critical	2023-04-12T20:36:56 (17 months ago)
Affected	>= 15.6-rc-1, < 15.8-rc-1 >= 15.0-rc-1, < 15.5.3 >= 2.2, < 14.10.17	CVE-2024-21650	MAVEN:GHSA-RJ7P-XJV7-7229	XWiki Remote Code Execution Vulnerability via User Registration	critical	2024-01-08T16:33:14 (8 months ago)
Fixed	= 15.8-rc-1 = 15.5.3 = 14.10.17	CVE-2024-21650	MAVEN:GHSA-RJ7P-XJV7-7229	XWiki Remote Code Execution Vulnerability via User Registration	critical	2024-01-08T16:33:14 (8 months ago)
Affected	>= 13.0, < 13.2 < 12.10.5	CVE-2021-32730	MAVEN:GHSA-V9J2-Q4Q5-CXH4	No CSRF protection on the password change form	moderate	2021-07-02T19:19:13 (3 years ago)
Fixed	= 13.2 = 12.10.5	CVE-2021-32730	MAVEN:GHSA-V9J2-Q4Q5-CXH4	No CSRF protection on the password change form	moderate	2021-07-02T19:19:13 (3 years ago)
Affected	>= 13.0, <= 13.1 < 12.10.5	CVE-2021-32732	MAVEN:GHSA-VH5C-JQFG-MHRH	Cross-Site Request Forgery in xwiki-platform	high	2022-02-10T22:42:46 (2 years ago)
Fixed	= 13.2RC1 = 12.10.5	CVE-2021-32732	MAVEN:GHSA-VH5C-JQFG-MHRH	Cross-Site Request Forgery in xwiki-platform	high	2022-02-10T22:42:46 (2 years ago)