pkg:maven/org.xwiki.platform/xwiki-platform-oldcore

Type: maven
Namespace: org.xwiki.platform
Name: xwiki-platform-oldcore

Known advisories, vulnerabilities and fixes for the org.xwiki.platform/xwiki-platform-oldcore package.

Repository: https://mvnrepository.com/artifact/org.xwiki.platform/xwiki-platform-oldcore

Critical: 11
High: 10
Moderate: 14
Low: 2

Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published
Affected >= 14.0.0, < 14.4.2 >= 11.7RC1, < 13.10.7 CVE-2022-41929
maven MAVEN:GHSA-2GJ2-VJ98-J2QQ Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore moderate 2022-11-21T22:35:22
(22 months ago)
Fixed = 14.4.2 = 13.10.7 CVE-2022-41929
maven MAVEN:GHSA-2GJ2-VJ98-J2QQ Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore moderate 2022-11-21T22:35:22
(22 months ago)
Affected < 12.10.9 >= 13.0.0, < 13.4.3 >= 13.6-rc-1, <= 13.6 CVE-2022-23621
maven MAVEN:GHSA-2JHM-QP48-HV5J Missing authorization in xwiki-platform moderate 2022-02-09T21:56:05
(2 years ago)
Fixed = 12.10.9 = 13.4.3 = 13.7-rc-1 CVE-2022-23621
maven MAVEN:GHSA-2JHM-QP48-HV5J Missing authorization in xwiki-platform moderate 2022-02-09T21:56:05
(2 years ago)
Affected >= 15.6-rc-1, < 15.10.6 >= 15.0, < 15.5.5 >= 14.2, < 14.10.21 >= 13.10.4, < 14.0-rc-1 CVE-2024-37898
maven MAVEN:GHSA-33GP-GMG3-HFPQ XWiki Platform vulnerable to document deletion and overwrite from edit moderate 2024-07-31T15:20:02
(6 weeks ago)
Fixed = 15.10.6 = 15.5.5 = 14.10.21 CVE-2024-37898
maven MAVEN:GHSA-33GP-GMG3-HFPQ XWiki Platform vulnerable to document deletion and overwrite from edit moderate 2024-07-31T15:20:02
(6 weeks ago)
Affected >= 14.5, < 14.10 >= 14.0, < 14.4.7 >= 13.10, < 13.10.11 CVE-2023-26474
maven MAVEN:GHSA-3738-P9X3-MV9R XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author critical 2023-03-03T22:48:40
(18 months ago)
Fixed = 14.10 = 14.4.7 = 13.10.11 CVE-2023-26474
maven MAVEN:GHSA-3738-P9X3-MV9R XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author critical 2023-03-03T22:48:40
(18 months ago)
Affected >= 14.5, < 14.10 >= 14.0-rc-1, < 14.4.7 >= 1.2-milestone-1, < 13.10.11 CVE-2023-29208
maven MAVEN:GHSA-4F8G-FQ6X-JQRR org.xwiki.platform:xwiki-platform-oldcore vulnerable to data leak through deleted documents high 2023-04-12T20:34:55
(17 months ago)
Fixed = 14.10 = 14.4.7 = 13.10.11 CVE-2023-29208
maven MAVEN:GHSA-4F8G-FQ6X-JQRR org.xwiki.platform:xwiki-platform-oldcore vulnerable to data leak through deleted documents high 2023-04-12T20:34:55
(17 months ago)
Affected >= 15.0-rc-1, < 15.4-rc-1 >= 3.2-milestone-3, < 14.10.9 CVE-2023-40572
maven MAVEN:GHSA-4F8M-7H83-9F6M XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action high 2023-08-23T20:37:04
(12 months ago)
Fixed = 15.4-rc-1 = 14.10.9 CVE-2023-40572
maven MAVEN:GHSA-4F8M-7H83-9F6M XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action high 2023-08-23T20:37:04
(12 months ago)
Affected >= 14.5.0, < 14.6-rc-1 >= 14.0.0, < 14.4.2 < 13.10.8 CVE-2022-41932
maven MAVEN:GHSA-4X5R-6V26-7J4V Creation of new database tables through login form on PostgreSQL high 2022-11-21T22:36:49
(22 months ago)
Fixed = 14.6-rc-1 = 14.4.2 = 13.10.8 CVE-2022-41932
maven MAVEN:GHSA-4X5R-6V26-7J4V Creation of new database tables through login form on PostgreSQL high 2022-11-21T22:36:49
(22 months ago)
Affected >= 12.6.4, < 12.8 < 12.6.3 CVE-2021-29459
maven MAVEN:GHSA-5C66-V29H-XJH8 XSS Cross Site Scripting critical 2021-04-22T16:11:55
(3 years ago)
Fixed = 12.8 = 12.6.3 CVE-2021-29459
maven MAVEN:GHSA-5C66-V29H-XJH8 XSS Cross Site Scripting critical 2021-04-22T16:11:55
(3 years ago)
Affected >= 12.0, < 12.5 < 11.10.6 CVE-2020-15252
maven MAVEN:GHSA-5HV6-MH8Q-Q9V8 RCE in XWiki high 2020-10-16T16:55:49
(3 years ago)
Fixed = 12.5 = 11.10.6 CVE-2020-15252
maven MAVEN:GHSA-5HV6-MH8Q-Q9V8 RCE in XWiki high 2020-10-16T16:55:49
(3 years ago)
Affected < 14.10.4 CVE-2023-32068
maven MAVEN:GHSA-6GVJ-8VC5-8V3J org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability moderate 2023-05-15T20:52:19
(16 months ago)
Fixed = 14.10.4 CVE-2023-32068
maven MAVEN:GHSA-6GVJ-8VC5-8V3J org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability moderate 2023-05-15T20:52:19
(16 months ago)
Affected >= 12.0.0, < 12.2.1 < 11.10.5 CVE-2020-15171
maven MAVEN:GHSA-7QW5-PQHC-XM4G Users with SCRIPT right can execute arbitrary code in XWiki low 2020-09-10T19:19:27
(4 years ago)
Fixed = 12.2.1 = 11.10.5 CVE-2020-15171
maven MAVEN:GHSA-7QW5-PQHC-XM4G Users with SCRIPT right can execute arbitrary code in XWiki low 2020-09-10T19:19:27
(4 years ago)
Affected >= 14.0, < 14.2 < 13.10.4 CVE-2022-36092
maven MAVEN:GHSA-8H89-34W2-JPFM XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action high 2022-09-16T17:06:38
(2 years ago)
Fixed = 14.2 = 13.10.4 CVE-2022-36092
maven MAVEN:GHSA-8H89-34W2-JPFM XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action high 2022-09-16T17:06:38
(2 years ago)
Affected >= 15.0-rc-1, < 15.2-rc-1 >= 2.0, < 14.10.7 CVE-2023-36468
maven MAVEN:GHSA-8Q9Q-R9V2-644M Upgrading doesn't prevent exploiting vulnerable XWiki documents critical 2023-06-30T20:42:07
(14 months ago)
Fixed = 15.2-rc-1 = 14.10.7 CVE-2023-36468
maven MAVEN:GHSA-8Q9Q-R9V2-644M Upgrading doesn't prevent exploiting vulnerable XWiki documents critical 2023-06-30T20:42:07
(14 months ago)
Affected < 14.0-rc-1 CVE-2023-26470
maven MAVEN:GHSA-92WP-R7HM-42G7 XWiki Platform subject to Uncontrolled Resource Consumption moderate 2023-03-03T22:50:41
(18 months ago)
Fixed = 14.0-rc-1 CVE-2023-26470
maven MAVEN:GHSA-92WP-R7HM-42G7 XWiki Platform subject to Uncontrolled Resource Consumption moderate 2023-03-03T22:50:41
(18 months ago)
Affected >= 13.0, <= 13.2 < 12.10.6 CVE-2021-43841
maven MAVEN:GHSA-9JQ9-C2CV-PCRJ Cross-site Scripting by SVG upload in xwiki-platform moderate 2022-02-10T22:42:48
(2 years ago)
Fixed = 13.3RC1 = 12.10.6 CVE-2021-43841
maven MAVEN:GHSA-9JQ9-C2CV-PCRJ Cross-site Scripting by SVG upload in xwiki-platform moderate 2022-02-10T22:42:48
(2 years ago)
Affected >= 8.3-rc-1, < 13.10.3 CVE-2022-29253
maven MAVEN:GHSA-9QRP-H7FW-42HG Path Traversal in XWiki Platform low 2022-06-01T19:56:34
(2 years ago)
Fixed = 13.10.3 CVE-2022-29253
maven MAVEN:GHSA-9QRP-H7FW-42HG Path Traversal in XWiki Platform low 2022-06-01T19:56:34
(2 years ago)
Affected >= 15.6-rc-1, < 15.10-rc-1 >= 15.0-rc-1, < 15.5.4 >= 6.4-milestone-1, < 14.10.19 CVE-2024-31987
maven MAVEN:GHSA-CV55-V6RW-7R5V XWiki Platform remote code execution from account via custom skins support critical 2024-04-10T17:14:47
(5 months ago)
Fixed = 15.10-rc-1 = 15.5.4 = 14.10.19 CVE-2024-31987
maven MAVEN:GHSA-CV55-V6RW-7R5V XWiki Platform remote code execution from account via custom skins support critical 2024-04-10T17:14:47
(5 months ago)
Affected >= 1.0, < 13.0 CVE-2022-23615
maven MAVEN:GHSA-F4CJ-3Q3H-884R Partial authorization bypass on document save in xwiki-platform moderate 2022-02-09T21:21:53
(2 years ago)
Fixed = 13.0 CVE-2022-23615
maven MAVEN:GHSA-F4CJ-3Q3H-884R Partial authorization bypass on document save in xwiki-platform moderate 2022-02-09T21:21:53
(2 years ago)
Affected >= 1.0, < 14.10.6 >= 15.0, < 15.2-rc-1 CVE-2023-46243
maven MAVEN:GHSA-G2QQ-C5J9-5W5W XWiki Platform vulnerable to privilege escalation and remote code execution via the edit action high 2023-11-07T23:02:57
(10 months ago)
Fixed = 14.10.6 = 15.2-rc-1 CVE-2023-46243
maven MAVEN:GHSA-G2QQ-C5J9-5W5W XWiki Platform vulnerable to privilege escalation and remote code execution via the edit action high 2023-11-07T23:02:57
(10 months ago)
Affected >= 14.0-rc-1, < 14.2-rc-1 >= 11.3.7, < 13.10.4 CVE-2022-31166
maven MAVEN:GHSA-G4H6-QP44-WQVX XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups high 2022-09-20T21:19:52
(2 years ago)
Fixed = 14.2-rc-1 = 13.10.4 CVE-2022-31166
maven MAVEN:GHSA-G4H6-QP44-WQVX XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups high 2022-09-20T21:19:52
(2 years ago)
Affected >= 13.0, <= 13.1 < 12.10.6 CVE-2022-23617
maven MAVEN:GHSA-GF7X-2J2X-7F73 Missing authorization in xwiki-platform moderate 2022-02-09T21:41:46
(2 years ago)
Fixed = 13.2-rc-1 = 12.10.6 CVE-2022-23617
maven MAVEN:GHSA-GF7X-2J2X-7F73 Missing authorization in xwiki-platform moderate 2022-02-09T21:41:46
(2 years ago)
Affected >= 15.0-rc-1, < 15.3-rc-1 >= 9.4-rc-1, < 14.10.8 CVE-2023-37911
maven MAVEN:GHSA-GH64-QXH5-4M33 org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents moderate 2023-10-25T21:06:58
(10 months ago)
Fixed = 15.3-rc-1 = 14.10.8 CVE-2023-37911
maven MAVEN:GHSA-GH64-QXH5-4M33 org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents moderate 2023-10-25T21:06:58
(10 months ago)
Affected >= 14.5, < 14.10.3 >= 14.0-rc-1, < 14.4.8 >= 10.11.1, < 13.10.11 CVE-2023-29526
maven MAVEN:GHSA-GPQ5-7P34-VQX5 XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode critical 2023-04-20T22:24:46
(17 months ago)
Fixed = 14.10.3 = 14.4.8 = 13.10.11 CVE-2023-29526
maven MAVEN:GHSA-GPQ5-7P34-VQX5 XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode critical 2023-04-20T22:24:46
(17 months ago)
Affected >= 0.9.543, <= 0.9.1252 CVE-2006-7223
maven MAVEN:GHSA-H5JM-JJGX-Q2WF XWiki Remote Code Execution moderate 2022-05-01T07:45:42
(2 years ago)
Fixed = 1.0B1 CVE-2006-7223
maven MAVEN:GHSA-H5JM-JJGX-Q2WF XWiki Remote Code Execution moderate 2022-05-01T07:45:42
(2 years ago)
Affected >= 15.0, < 15.2-rc-1 >= 1.0, < 14.10.7 CVE-2023-46242
maven MAVEN:GHSA-HGPW-6P4H-J6H5 XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token critical 2023-11-07T22:35:24
(10 months ago)
Fixed = 15.2-rc-1 = 14.10.7 CVE-2023-46242
maven MAVEN:GHSA-HGPW-6P4H-J6H5 XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token critical 2023-11-07T22:35:24
(10 months ago)
Affected >= 16.0.0-rc-1, < 16.0.0 >= 15.6-rc-1, < 15.10.6 >= 15.0-rc-1, < 15.5.5 >= 13.10.3, < 14.10.21 >= 13.4.7, < 13.5 CVE-2024-37899
maven MAVEN:GHSA-J584-J2VJ-3F93 XWiki Platform allows remote code execution from user account critical 2024-06-20T16:19:14
(2 months ago)
Fixed = 16.0.0 = 15.10.6 = 15.5.5 = 14.10.21 CVE-2024-37899
maven MAVEN:GHSA-J584-J2VJ-3F93 XWiki Platform allows remote code execution from user account critical 2024-06-20T16:19:14
(2 months ago)
Affected >= 14.0, < 14.3-rc-1 >= 1.1, < 13.10.5 CVE-2022-36090
maven MAVEN:GHSA-JGC8-GVCX-9VFX XWiki Platform Improper Authorization check for inactive users high 2022-09-16T17:40:00
(2 years ago)
Fixed = 14.3-rc-1 = 13.10.5 CVE-2022-36090
maven MAVEN:GHSA-JGC8-GVCX-9VFX XWiki Platform Improper Authorization check for inactive users high 2022-09-16T17:40:00
(2 years ago)
Affected >= 13.0.0, <= 13.2 < 12.10.7 CVE-2022-23618
maven MAVEN:GHSA-JP55-VVMF-63MV URL Redirection to Untrusted Site ('Open Redirect') moderate 2022-02-09T21:42:47
(2 years ago)
Fixed = 13.3RC1 = 12.10.7 CVE-2022-23618
maven MAVEN:GHSA-JP55-VVMF-63MV URL Redirection to Untrusted Site ('Open Redirect') moderate 2022-02-09T21:42:47
(2 years ago)
Affected >= 15.0-rc-1, < 15.4-rc-1 >= 7.2, < 14.10.10 CVE-2023-41046
maven MAVEN:GHSA-M5M2-H6H9-P2C8 Velocity execution without script right through VelocityCode and VelocityWiki property moderate 2023-09-04T16:36:40
(12 months ago)
Fixed = 15.4-rc-1 = 14.10.10 CVE-2023-41046
maven MAVEN:GHSA-M5M2-H6H9-P2C8 Velocity execution without script right through VelocityCode and VelocityWiki property moderate 2023-09-04T16:36:40
(12 months ago)
Affected >= 15.0-rc-0, < 15.1-rc-1 >= 3.2-milestone-3, < 14.10.6 CVE-2023-35157
maven MAVEN:GHSA-PHWM-87RG-27QQ XWiki Platform vulnerable to reflected cross-site scripting via delattachment action high 2023-06-22T19:59:25
(15 months ago)
Fixed = 15.1-rc-1 = 14.10.6 CVE-2023-35157
maven MAVEN:GHSA-PHWM-87RG-27QQ XWiki Platform vulnerable to reflected cross-site scripting via delattachment action high 2023-06-22T19:59:25
(15 months ago)
Affected >= 14.4.1, < 14.4.7 >= 14.5, < 14.10 CVE-2023-29507
maven MAVEN:GHSA-PWFV-3CVG-9M4C org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors critical 2023-04-12T20:36:28
(17 months ago)
Fixed = 14.4.7 = 14.10 CVE-2023-29507
maven MAVEN:GHSA-PWFV-3CVG-9M4C org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors critical 2023-04-12T20:36:28
(17 months ago)
Affected >= 15.6-rc-1, < 15.9-rc-1 >= 15.0-rc-1, < 15.5.4 >= 5.0-rc-1, < 14.10.19 CVE-2024-31464
maven MAVEN:GHSA-V782-XR4W-3VQX XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted moderate 2024-04-10T17:07:27
(5 months ago)
Fixed = 15.9-rc-1 = 15.5.4 = 14.10.19 CVE-2024-31464
maven MAVEN:GHSA-V782-XR4W-3VQX XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted moderate 2024-04-10T17:07:27
(5 months ago)
Affected >= 15.6-rc-1, < 15.10-rc-1 >= 15.0-rc-1, < 15.5.4 >= 3.0.1, < 14.10.20 CVE-2024-31981
maven MAVEN:GHSA-VXWR-WPJV-QJQ7 XWiki Platform: Privilege escalation (PR) from user registration through PDFClass critical 2024-04-10T17:11:45
(5 months ago)
Fixed = 15.10-rc-1 = 15.5.4 = 14.10.20 CVE-2024-31981
maven MAVEN:GHSA-VXWR-WPJV-QJQ7 XWiki Platform: Privilege escalation (PR) from user registration through PDFClass critical 2024-04-10T17:11:45
(5 months ago)
Affected = 16.0.0-rc-1 >= 15.6-rc-1, < 15.10.6 >= 15.0-rc-1, < 15.5.5 >= 1.1.2, < 14.10.21 CVE-2024-43400
maven MAVEN:GHSA-WCG9-PGQV-XM5V XWiki Platform allows XSS through XClass name in string properties critical 2024-08-19T21:49:07
(3 weeks ago)
Fixed = 16.0.0 = 15.10.6 = 15.5.5 = 14.10.21 CVE-2024-43400
maven MAVEN:GHSA-WCG9-PGQV-XM5V XWiki Platform allows XSS through XClass name in string properties critical 2024-08-19T21:49:07
(3 weeks ago)
Affected >= 14.5, < 14.10.2 >= 14.0-rc-1, < 14.4.8 >= 3.3-milestone-1, < 13.10.11 CVE-2023-29523
maven MAVEN:GHSA-X764-FF8R-9HPX XWiki Platform vulnerable to code injection in display method used in user profiles critical 2023-04-20T22:16:45
(17 months ago)
Fixed = 14.10.2 = 14.4.8 = 13.10.11 CVE-2023-29523
maven MAVEN:GHSA-X764-FF8R-9HPX XWiki Platform vulnerable to code injection in display method used in user profiles critical 2023-04-20T22:16:45
(17 months ago)
Affected >= 1.0, < 14.10.17 CVE-2024-21648
maven MAVEN:GHSA-XH35-W7WG-95V3 XWiki has no right protection on rollback action high 2024-01-08T16:25:58
(8 months ago)
Fixed = 14.10.17 CVE-2024-21648
maven MAVEN:GHSA-XH35-W7WG-95V3 XWiki has no right protection on rollback action high 2024-01-08T16:25:58
(8 months ago)
Affected >= 14.5, < 14.8-rc-1 >= 14.0-rc-1, < 14.4.4 >= 6.0-rc-1, < 13.10.10 CVE-2023-29204
maven MAVEN:GHSA-XWPH-X6XJ-WGGV org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability moderate 2023-04-12T20:38:42
(17 months ago)
Fixed = 14.8-rc-1 = 14.4.4 = 13.10.10 CVE-2023-29204
maven MAVEN:GHSA-XWPH-X6XJ-WGGV org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability moderate 2023-04-12T20:38:42
(17 months ago)