pkg:maven/org.xwiki.platform/xwiki-platform-administration-ui
Type: maven
Namespace: org.xwiki.platform
Name: xwiki-platform-administration-ui
Known advisories, vulnerabilities and fixes for org.xwiki.platform/xwiki-platform-administration-ui package.
Critical: 7
High: 2
Moderate: 1
Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 4.3-milestone-2, < 14.10.2 | | CVE-2023-29510 | MAVEN:GHSA-4V38-964C-XJMW | Code injection via unescaped translations in xwiki-platform | critical | 2023-04-19T18:26:35 (17 months ago) |
Fixed | = 14.10.2 | | CVE-2023-29510 | MAVEN:GHSA-4V38-964C-XJMW | Code injection via unescaped translations in xwiki-platform | critical | 2023-04-19T18:26:35 (17 months ago) |
Affected | >= 15.0-rc-1, < 15.5.1; < 14.10.14 | | CVE-2023-46731 | MAVEN:GHSA-62PR-QQF7-HH89 | XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest | critical | 2023-11-08T14:51:06 (10 months ago) |
Fixed | = 15.5.1; = 14.10.14 | | CVE-2023-46731 | MAVEN:GHSA-62PR-QQF7-HH89 | XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest | critical | 2023-11-08T14:51:06 (10 months ago) |
Affected | >= 14.5, < 14.10.1; >= 14.0-rc-1, < 14.4.8; >= 4.2-milestone-1, < 13.10.11 | | CVE-2023-29514 | MAVEN:GHSA-9J36-3CP4-RH4J | XWiki vulnerable to Code Injection in template provider administration | critical | 2023-04-20T21:46:57 (17 months ago) |
Fixed | = 14.10.1; = 14.4.8; = 13.10.11 | | CVE-2023-29514 | MAVEN:GHSA-9J36-3CP4-RH4J | XWiki vulnerable to Code Injection in template provider administration | critical | 2023-04-20T21:46:57 (17 months ago) |
Affected | >= 15.6-rc-1, < 15.7-rc-1; >= 15.0-rc-1, < 15.5.2; >= 2.3, < 14.10.15 | | CVE-2023-50722 | MAVEN:GHSA-CP3J-273X-3JXC | XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass | critical | 2023-12-16T00:39:39 (9 months ago) |
Fixed | = 15.7-rc-1; = 15.5.2; = 14.10.15 | | CVE-2023-50722 | MAVEN:GHSA-CP3J-273X-3JXC | XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass | critical | 2023-12-16T00:39:39 (9 months ago) |
Affected | >= 3.1-milestone-1, <= 13.0 | | CVE-2022-23616 | MAVEN:GHSA-MGJW-2WRP-R535 | Remote code execution in xwiki-platform | high | 2022-02-09T21:32:10 (2 years ago) |
Fixed | = 13.1RC1 | | CVE-2022-23616 | MAVEN:GHSA-MGJW-2WRP-R535 | Remote code execution in xwiki-platform | high | 2022-02-09T21:32:10 (2 years ago) |
Affected | >= 15.6-rc-1, < 15.7-rc-1; >= 15.0-rc-1, < 15.5.2; >= 2.3, < 14.10.15 | | CVE-2023-50723 | MAVEN:GHSA-QJ86-P74R-7WP5 | Remote code execution/programming rights with configuration section from any user account | critical | 2023-12-16T00:40:04 (9 months ago) |
Fixed | = 15.7-rc-1; = 15.5.2; = 14.10.15 | | CVE-2023-50723 | MAVEN:GHSA-QJ86-P74R-7WP5 | Remote code execution/programming rights with configuration section from any user account | critical | 2023-12-16T00:40:04 (9 months ago) |
Affected | >= 14.5, < 14.10.1; >= 14.0-rc-1, < 14.4.8; >= 1.5M2, < 13.10.11 | | CVE-2023-29511 | MAVEN:GHSA-RFH6-MG6H-H668 | xwiki-platform-administration-ui vulnerable to privilege escalation | critical | 2023-04-12T20:36:56 (17 months ago) |
Fixed | = 14.10.1; = 14.4.8; = 13.10.11 | | CVE-2023-29511 | MAVEN:GHSA-RFH6-MG6H-H668 | xwiki-platform-administration-ui vulnerable to privilege escalation | critical | 2023-04-12T20:36:56 (17 months ago) |
Affected | >= 15.6-rc-1, < 15.8-rc-1; >= 15.0-rc-1, < 15.5.3; >= 2.2, < 14.10.17 | | CVE-2024-21650 | MAVEN:GHSA-RJ7P-XJV7-7229 | XWiki Remote Code Execution Vulnerability via User Registration | critical | 2024-01-08T16:33:14 (8 months ago) |
Fixed | = 15.8-rc-1; = 15.5.3; = 14.10.17 | | CVE-2024-21650 | MAVEN:GHSA-RJ7P-XJV7-7229 | XWiki Remote Code Execution Vulnerability via User Registration | critical | 2024-01-08T16:33:14 (8 months ago) |
Affected | >= 13.0, < 13.2; < 12.10.5 | | CVE-2021-32730 | MAVEN:GHSA-V9J2-Q4Q5-CXH4 | No CSRF protection on the password change form | moderate | 2021-07-02T19:19:13 (3 years ago) |
Fixed | = 13.2; = 12.10.5 | | CVE-2021-32730 | MAVEN:GHSA-V9J2-Q4Q5-CXH4 | No CSRF protection on the password change form | moderate | 2021-07-02T19:19:13 (3 years ago) |
Affected | >= 13.0, <= 13.1; < 12.10.5 | | CVE-2021-32732 | MAVEN:GHSA-VH5C-JQFG-MHRH | Cross-Site Request Forgery in xwiki-platform | high | 2022-02-10T22:42:46 (2 years ago) |
Fixed | = 13.2RC1; = 12.10.5 | | CVE-2021-32732 | MAVEN:GHSA-VH5C-JQFG-MHRH | Cross-Site Request Forgery in xwiki-platform | high | 2022-02-10T22:42:46 (2 years ago) |