pkg:maven/org.xwiki.platform/xwiki-platform-oldcore

Type: maven
Namespace: org.xwiki.platform
Name: xwiki-platform-oldcore

Known advisories, vulnerabilities and fixes for org.xwiki.platform/xwiki-platform-oldcore package.

Critical: 11
High: 10
Moderate: 14
Low: 2

Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 14.0.0, < 14.4.2; >= 11.7RC1, < 13.10.7 | | CVE-2022-41929 | MAVEN:GHSA-2GJ2-VJ98-J2QQ | Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore | moderate | 2022-11-21T22:35:22 (22 months ago) |
Fixed | = 14.4.2; = 13.10.7 | | CVE-2022-41929 | MAVEN:GHSA-2GJ2-VJ98-J2QQ | Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore | moderate | 2022-11-21T22:35:22 (22 months ago) |
Affected | < 12.10.9; >= 13.0.0, < 13.4.3; >= 13.6-rc-1, <= 13.6 | | CVE-2022-23621 | MAVEN:GHSA-2JHM-QP48-HV5J | Missing authorization in xwiki-platform | moderate | 2022-02-09T21:56:05 (2 years ago) |
Fixed | = 12.10.9; = 13.4.3; = 13.7-rc-1 | | CVE-2022-23621 | MAVEN:GHSA-2JHM-QP48-HV5J | Missing authorization in xwiki-platform | moderate | 2022-02-09T21:56:05 (2 years ago) |
Affected | >= 15.6-rc-1, < 15.10.6; >= 15.0, < 15.5.5; >= 14.2, < 14.10.21; >= 13.10.4, < 14.0-rc-1 | | CVE-2024-37898 | MAVEN:GHSA-33GP-GMG3-HFPQ | XWiki Platform vulnerable to document deletion and overwrite from edit | moderate | 2024-07-31T15:20:02 (6 weeks ago) |
Fixed | = 15.10.6; = 15.5.5; = 14.10.21 | | CVE-2024-37898 | MAVEN:GHSA-33GP-GMG3-HFPQ | XWiki Platform vulnerable to document deletion and overwrite from edit | moderate | 2024-07-31T15:20:02 (6 weeks ago) |
Affected | >= 14.5, < 14.10; >= 14.0, < 14.4.7; >= 13.10, < 13.10.11 | | CVE-2023-26474 | MAVEN:GHSA-3738-P9X3-MV9R | XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author | critical | 2023-03-03T22:48:40 (18 months ago) |
Fixed | = 14.10; = 14.4.7; = 13.10.11 | | CVE-2023-26474 | MAVEN:GHSA-3738-P9X3-MV9R | XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author | critical | 2023-03-03T22:48:40 (18 months ago) |
Affected | >= 14.5, < 14.10; >= 14.0-rc-1, < 14.4.7; >= 1.2-milestone-1, < 13.10.11 | | CVE-2023-29208 | MAVEN:GHSA-4F8G-FQ6X-JQRR | org.xwiki.platform:xwiki-platform-oldcore vulnerable to data leak through deleted documents | high | 2023-04-12T20:34:55 (17 months ago) |
Fixed | = 14.10; = 14.4.7; = 13.10.11 | | CVE-2023-29208 | MAVEN:GHSA-4F8G-FQ6X-JQRR | org.xwiki.platform:xwiki-platform-oldcore vulnerable to data leak through deleted documents | high | 2023-04-12T20:34:55 (17 months ago) |
Affected | >= 15.0-rc-1, < 15.4-rc-1; >= 3.2-milestone-3, < 14.10.9 | | CVE-2023-40572 | MAVEN:GHSA-4F8M-7H83-9F6M | XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action | high | 2023-08-23T20:37:04 (12 months ago) |
Fixed | = 15.4-rc-1; = 14.10.9 | | CVE-2023-40572 | MAVEN:GHSA-4F8M-7H83-9F6M | XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action | high | 2023-08-23T20:37:04 (12 months ago) |
Affected | >= 14.5.0, < 14.6-rc-1; >= 14.0.0, < 14.4.2; < 13.10.8 | | CVE-2022-41932 | MAVEN:GHSA-4X5R-6V26-7J4V | Creation of new database tables through login form on PostgreSQL | high | 2022-11-21T22:36:49 (22 months ago) |
Fixed | = 14.6-rc-1; = 14.4.2; = 13.10.8 | | CVE-2022-41932 | MAVEN:GHSA-4X5R-6V26-7J4V | Creation of new database tables through login form on PostgreSQL | high | 2022-11-21T22:36:49 (22 months ago) |
Affected | >= 12.6.4, < 12.8; < 12.6.3 | | CVE-2021-29459 | MAVEN:GHSA-5C66-V29H-XJH8 | XSS Cross Site Scripting | critical | 2021-04-22T16:11:55 (3 years ago) |
Fixed | = 12.8; = 12.6.3 | | CVE-2021-29459 | MAVEN:GHSA-5C66-V29H-XJH8 | XSS Cross Site Scripting | critical | 2021-04-22T16:11:55 (3 years ago) |
Affected | >= 12.0, < 12.5; < 11.10.6 | | CVE-2020-15252 | MAVEN:GHSA-5HV6-MH8Q-Q9V8 | RCE in XWiki | high | 2020-10-16T16:55:49 (3 years ago) |
Fixed | = 12.5; = 11.10.6 | | CVE-2020-15252 | MAVEN:GHSA-5HV6-MH8Q-Q9V8 | RCE in XWiki | high | 2020-10-16T16:55:49 (3 years ago) |
Affected | < 14.10.4 | | CVE-2023-32068 | MAVEN:GHSA-6GVJ-8VC5-8V3J | org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability | moderate | 2023-05-15T20:52:19 (16 months ago) |
Fixed | = 14.10.4 | | CVE-2023-32068 | MAVEN:GHSA-6GVJ-8VC5-8V3J | org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability | moderate | 2023-05-15T20:52:19 (16 months ago) |
Affected | >= 12.0.0, < 12.2.1; < 11.10.5 | | CVE-2020-15171 | MAVEN:GHSA-7QW5-PQHC-XM4G | Users with SCRIPT right can execute arbitrary code in XWiki | low | 2020-09-10T19:19:27 (4 years ago) |
Fixed | = 12.2.1; = 11.10.5 | | CVE-2020-15171 | MAVEN:GHSA-7QW5-PQHC-XM4G | Users with SCRIPT right can execute arbitrary code in XWiki | low | 2020-09-10T19:19:27 (4 years ago) |
Affected | >= 14.0, < 14.2; < 13.10.4 | | CVE-2022-36092 | MAVEN:GHSA-8H89-34W2-JPFM | XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action | high | 2022-09-16T17:06:38 (2 years ago) |
Fixed | = 14.2; = 13.10.4 | | CVE-2022-36092 | MAVEN:GHSA-8H89-34W2-JPFM | XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action | high | 2022-09-16T17:06:38 (2 years ago) |
Affected | >= 15.0-rc-1, < 15.2-rc-1; >= 2.0, < 14.10.7 | | CVE-2023-36468 | MAVEN:GHSA-8Q9Q-R9V2-644M | Upgrading doesn't prevent exploiting vulnerable XWiki documents | critical | 2023-06-30T20:42:07 (14 months ago) |
Fixed | = 15.2-rc-1; = 14.10.7 | | CVE-2023-36468 | MAVEN:GHSA-8Q9Q-R9V2-644M | Upgrading doesn't prevent exploiting vulnerable XWiki documents | critical | 2023-06-30T20:42:07 (14 months ago) |
Affected | < 14.0-rc-1 | | CVE-2023-26470 | MAVEN:GHSA-92WP-R7HM-42G7 | XWiki Platform subject to Uncontrolled Resource Consumption | moderate | 2023-03-03T22:50:41 (18 months ago) |
Fixed | = 14.0-rc-1 | | CVE-2023-26470 | MAVEN:GHSA-92WP-R7HM-42G7 | XWiki Platform subject to Uncontrolled Resource Consumption | moderate | 2023-03-03T22:50:41 (18 months ago) |
Affected | >= 13.0, <= 13.2; < 12.10.6 | | CVE-2021-43841 | MAVEN:GHSA-9JQ9-C2CV-PCRJ | Cross-site Scripting by SVG upload in xwiki-platform | moderate | 2022-02-10T22:42:48 (2 years ago) |
Fixed | = 13.3RC1; = 12.10.6 | | CVE-2021-43841 | MAVEN:GHSA-9JQ9-C2CV-PCRJ | Cross-site Scripting by SVG upload in xwiki-platform | moderate | 2022-02-10T22:42:48 (2 years ago) |
Affected | >= 8.3-rc-1, < 13.10.3 | | CVE-2022-29253 | MAVEN:GHSA-9QRP-H7FW-42HG | Path Traversal in XWiki Platform | low | 2022-06-01T19:56:34 (2 years ago) |
Fixed | = 13.10.3 | | CVE-2022-29253 | MAVEN:GHSA-9QRP-H7FW-42HG | Path Traversal in XWiki Platform | low | 2022-06-01T19:56:34 (2 years ago) |
Affected | >= 15.6-rc-1, < 15.10-rc-1; >= 15.0-rc-1, < 15.5.4; >= 6.4-milestone-1, < 14.10.19 | | CVE-2024-31987 | MAVEN:GHSA-CV55-V6RW-7R5V | XWiki Platform remote code execution from account via custom skins support | critical | 2024-04-10T17:14:47 (5 months ago) |
Fixed | = 15.10-rc-1; = 15.5.4; = 14.10.19 | | CVE-2024-31987 | MAVEN:GHSA-CV55-V6RW-7R5V | XWiki Platform remote code execution from account via custom skins support | critical | 2024-04-10T17:14:47 (5 months ago) |
Affected | >= 1.0, < 13.0 | | CVE-2022-23615 | MAVEN:GHSA-F4CJ-3Q3H-884R | Partial authorization bypass on document save in xwiki-platform | moderate | 2022-02-09T21:21:53 (2 years ago) |
Fixed | = 13.0 | | CVE-2022-23615 | MAVEN:GHSA-F4CJ-3Q3H-884R | Partial authorization bypass on document save in xwiki-platform | moderate | 2022-02-09T21:21:53 (2 years ago) |
Affected | >= 1.0, < 14.10.6; >= 15.0, < 15.2-rc-1 | | CVE-2023-46243 | MAVEN:GHSA-G2QQ-C5J9-5W5W | XWiki Platform vulnerable to privilege escalation and remote code execution via the edit action | high | 2023-11-07T23:02:57 (10 months ago) |
Fixed | = 14.10.6; = 15.2-rc-1 | | CVE-2023-46243 | MAVEN:GHSA-G2QQ-C5J9-5W5W | XWiki Platform vulnerable to privilege escalation and remote code execution via the edit action | high | 2023-11-07T23:02:57 (10 months ago) |
Affected | >= 14.0-rc-1, < 14.2-rc-1; >= 11.3.7, < 13.10.4 | | CVE-2022-31166 | MAVEN:GHSA-G4H6-QP44-WQVX | XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups | high | 2022-09-20T21:19:52 (2 years ago) |
Fixed | = 14.2-rc-1; = 13.10.4 | | CVE-2022-31166 | MAVEN:GHSA-G4H6-QP44-WQVX | XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups | high | 2022-09-20T21:19:52 (2 years ago) |
Affected | >= 13.0, <= 13.1; < 12.10.6 | | CVE-2022-23617 | MAVEN:GHSA-GF7X-2J2X-7F73 | Missing authorization in xwiki-platform | moderate | 2022-02-09T21:41:46 (2 years ago) |
Fixed | = 13.2-rc-1; = 12.10.6 | | CVE-2022-23617 | MAVEN:GHSA-GF7X-2J2X-7F73 | Missing authorization in xwiki-platform | moderate | 2022-02-09T21:41:46 (2 years ago) |
Affected | >= 15.0-rc-1, < 15.3-rc-1; >= 9.4-rc-1, < 14.10.8 | | CVE-2023-37911 | MAVEN:GHSA-GH64-QXH5-4M33 | org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents | moderate | 2023-10-25T21:06:58 (10 months ago) |
Fixed | = 15.3-rc-1; = 14.10.8 | | CVE-2023-37911 | MAVEN:GHSA-GH64-QXH5-4M33 | org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents | moderate | 2023-10-25T21:06:58 (10 months ago) |
Affected | >= 14.5, < 14.10.3; >= 14.0-rc-1, < 14.4.8; >= 10.11.1, < 13.10.11 | | CVE-2023-29526 | MAVEN:GHSA-GPQ5-7P34-VQX5 | XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode | critical | 2023-04-20T22:24:46 (17 months ago) |
Fixed | = 14.10.3; = 14.4.8; = 13.10.11 | | CVE-2023-29526 | MAVEN:GHSA-GPQ5-7P34-VQX5 | XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode | critical | 2023-04-20T22:24:46 (17 months ago) |
Affected | >= 0.9.543, <= 0.9.1252 | | CVE-2006-7223 | MAVEN:GHSA-H5JM-JJGX-Q2WF | XWiki Remote Code Execution | moderate | 2022-05-01T07:45:42 (2 years ago) |
Fixed | = 1.0B1 | | CVE-2006-7223 | MAVEN:GHSA-H5JM-JJGX-Q2WF | XWiki Remote Code Execution | moderate | 2022-05-01T07:45:42 (2 years ago) |
Affected | >= 15.0, < 15.2-rc-1; >= 1.0, < 14.10.7 | | CVE-2023-46242 | MAVEN:GHSA-HGPW-6P4H-J6H5 | XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token | critical | 2023-11-07T22:35:24 (10 months ago) |
Fixed | = 15.2-rc-1; = 14.10.7 | | CVE-2023-46242 | MAVEN:GHSA-HGPW-6P4H-J6H5 | XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token | critical | 2023-11-07T22:35:24 (10 months ago) |
Affected | >= 16.0.0-rc-1, < 16.0.0; >= 15.6-rc-1, < 15.10.6; >= 15.0-rc-1, < 15.5.5; >= 13.10.3, < 14.10.21; >= 13.4.7, < 13.5 | | CVE-2024-37899 | MAVEN:GHSA-J584-J2VJ-3F93 | XWiki Platform allows remote code execution from user account | critical | 2024-06-20T16:19:14 (2 months ago) |
Fixed | = 16.0.0; = 15.10.6; = 15.5.5; = 14.10.21 | | CVE-2024-37899 | MAVEN:GHSA-J584-J2VJ-3F93 | XWiki Platform allows remote code execution from user account | critical | 2024-06-20T16:19:14 (2 months ago) |
Affected | >= 14.0, < 14.3-rc-1; >= 1.1, < 13.10.5 | | CVE-2022-36090 | MAVEN:GHSA-JGC8-GVCX-9VFX | XWiki Platform Improper Authorization check for inactive users | high | 2022-09-16T17:40:00 (2 years ago) |
Fixed | = 14.3-rc-1; = 13.10.5 | | CVE-2022-36090 | MAVEN:GHSA-JGC8-GVCX-9VFX | XWiki Platform Improper Authorization check for inactive users | high | 2022-09-16T17:40:00 (2 years ago) |
Affected | >= 13.0.0, <= 13.2; < 12.10.7 | | CVE-2022-23618 | MAVEN:GHSA-JP55-VVMF-63MV | URL Redirection to Untrusted Site ('Open Redirect') | moderate | 2022-02-09T21:42:47 (2 years ago) |
Fixed | = 13.3RC1; = 12.10.7 | | CVE-2022-23618 | MAVEN:GHSA-JP55-VVMF-63MV | URL Redirection to Untrusted Site ('Open Redirect') | moderate | 2022-02-09T21:42:47 (2 years ago) |
Affected | >= 15.0-rc-1, < 15.4-rc-1; >= 7.2, < 14.10.10 | | CVE-2023-41046 | MAVEN:GHSA-M5M2-H6H9-P2C8 | Velocity execution without script right through VelocityCode and VelocityWiki property | moderate | 2023-09-04T16:36:40 (12 months ago) |
Fixed | = 15.4-rc-1; = 14.10.10 | | CVE-2023-41046 | MAVEN:GHSA-M5M2-H6H9-P2C8 | Velocity execution without script right through VelocityCode and VelocityWiki property | moderate | 2023-09-04T16:36:40 (12 months ago) |
Affected | >= 15.0-rc-0, < 15.1-rc-1; >= 3.2-milestone-3, < 14.10.6 | | CVE-2023-35157 | MAVEN:GHSA-PHWM-87RG-27QQ | XWiki Platform vulnerable to reflected cross-site scripting via delattachment action | high | 2023-06-22T19:59:25 (15 months ago) |
Fixed | = 15.1-rc-1; = 14.10.6 | | CVE-2023-35157 | MAVEN:GHSA-PHWM-87RG-27QQ | XWiki Platform vulnerable to reflected cross-site scripting via delattachment action | high | 2023-06-22T19:59:25 (15 months ago) |
Affected | >= 14.4.1, < 14.4.7; >= 14.5, < 14.10 | | CVE-2023-29507 | MAVEN:GHSA-PWFV-3CVG-9M4C | org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors | critical | 2023-04-12T20:36:28 (17 months ago) |
Fixed | = 14.4.7; = 14.10 | | CVE-2023-29507 | MAVEN:GHSA-PWFV-3CVG-9M4C | org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors | critical | 2023-04-12T20:36:28 (17 months ago) |
Affected | >= 15.6-rc-1, < 15.9-rc-1; >= 15.0-rc-1, < 15.5.4; >= 5.0-rc-1, < 14.10.19 | | CVE-2024-31464 | MAVEN:GHSA-V782-XR4W-3VQX | XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted | moderate | 2024-04-10T17:07:27 (5 months ago) |
Fixed | = 15.9-rc-1; = 15.5.4; = 14.10.19 | | CVE-2024-31464 | MAVEN:GHSA-V782-XR4W-3VQX | XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted | moderate | 2024-04-10T17:07:27 (5 months ago) |
Affected | >= 15.6-rc-1, < 15.10-rc-1; >= 15.0-rc-1, < 15.5.4; >= 3.0.1, < 14.10.20 | | CVE-2024-31981 | MAVEN:GHSA-VXWR-WPJV-QJQ7 | XWiki Platform: Privilege escalation (PR) from user registration through PDFClass | critical | 2024-04-10T17:11:45 (5 months ago) |
Fixed | = 15.10-rc-1; = 15.5.4; = 14.10.20 | | CVE-2024-31981 | MAVEN:GHSA-VXWR-WPJV-QJQ7 | XWiki Platform: Privilege escalation (PR) from user registration through PDFClass | critical | 2024-04-10T17:11:45 (5 months ago) |
Affected | = 16.0.0-rc-1; >= 15.6-rc-1, < 15.10.6; >= 15.0-rc-1, < 15.5.5; >= 1.1.2, < 14.10.21 | | CVE-2024-43400 | MAVEN:GHSA-WCG9-PGQV-XM5V | XWiki Platform allows XSS through XClass name in string properties | critical | 2024-08-19T21:49:07 (3 weeks ago) |
Fixed | = 16.0.0; = 15.10.6; = 15.5.5; = 14.10.21 | | CVE-2024-43400 | MAVEN:GHSA-WCG9-PGQV-XM5V | XWiki Platform allows XSS through XClass name in string properties | critical | 2024-08-19T21:49:07 (3 weeks ago) |
Affected | >= 14.5, < 14.10.2; >= 14.0-rc-1, < 14.4.8; >= 3.3-milestone-1, < 13.10.11 | | CVE-2023-29523 | MAVEN:GHSA-X764-FF8R-9HPX | XWiki Platform vulnerable to code injection in display method used in user profiles | critical | 2023-04-20T22:16:45 (17 months ago) |
Fixed | = 14.10.2; = 14.4.8; = 13.10.11 | | CVE-2023-29523 | MAVEN:GHSA-X764-FF8R-9HPX | XWiki Platform vulnerable to code injection in display method used in user profiles | critical | 2023-04-20T22:16:45 (17 months ago) |
Affected | >= 1.0, < 14.10.17 | | CVE-2024-21648 | MAVEN:GHSA-XH35-W7WG-95V3 | XWiki has no right protection on rollback action | high | 2024-01-08T16:25:58 (8 months ago) |
Fixed | = 14.10.17 | | CVE-2024-21648 | MAVEN:GHSA-XH35-W7WG-95V3 | XWiki has no right protection on rollback action | high | 2024-01-08T16:25:58 (8 months ago) |
Affected | >= 14.5, < 14.8-rc-1; >= 14.0-rc-1, < 14.4.4; >= 6.0-rc-1, < 13.10.10 | | CVE-2023-29204 | MAVEN:GHSA-XWPH-X6XJ-WGGV | org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability | moderate | 2023-04-12T20:38:42 (17 months ago) |
Fixed | = 14.8-rc-1; = 14.4.4; = 13.10.10 | | CVE-2023-29204 | MAVEN:GHSA-XWPH-X6XJ-WGGV | org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability | moderate | 2023-04-12T20:38:42 (17 months ago) |