pkg:maven/org.xwiki.platform/xwiki-platform-web
Type: maven
Namespace: org.xwiki.platform
Name: xwiki-platform-web
Known advisories, vulnerabilities and fixes for org.xwiki.platform/xwiki-platform-web package.
Critical: 5
High: 5
Moderate: 4
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | < 12.10.9; >= 13.0.0, < 13.4.1; >= 13.5RC1, <= 13.5 | | CVE-2022-23619 | MAVEN:GHSA-35FG-HJCR-J65F | Information exposure in xwiki-platform | moderate | 2022-02-09T21:51:19 (2 years ago) |
Fixed | = 12.10.9; = 13.4.1; = 13.6RC1 | | CVE-2022-23619 | MAVEN:GHSA-35FG-HJCR-J65F | Information exposure in xwiki-platform | moderate | 2022-02-09T21:51:19 (2 years ago) |
Affected | >= 14.0, < 14.2 | | CVE-2022-36091 | MAVEN:GHSA-599V-W48H-RJRM | XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor | high | 2022-09-16T17:39:46 (2 years ago) |
Fixed | = 14.2 | | CVE-2022-36091 | MAVEN:GHSA-599V-W48H-RJRM | XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor | high | 2022-09-16T17:39:46 (2 years ago) |
Affected | >= 12.6.4, < 12.8; < 12.6.3 | | CVE-2021-29459 | MAVEN:GHSA-5C66-V29H-XJH8 | XSS Cross Site Scripting | critical | 2021-04-22T16:11:55 (3 years ago) |
Fixed | = 12.8; = 12.6.3 | | CVE-2021-29459 | MAVEN:GHSA-5C66-V29H-XJH8 | XSS Cross Site Scripting | critical | 2021-04-22T16:11:55 (3 years ago) |
Affected | >= 14.5, < 14.9; >= 14.0-rc-1, < 14.4.6; >= 1.9-milestone-2, < 13.10.10 | | CVE-2023-29207 | MAVEN:GHSA-6VGH-9R3C-2CXP | Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro | high | 2023-04-12T20:43:21 (17 months ago) |
Fixed | = 14.9; = 14.4.6; = 13.10.10 | | CVE-2023-29207 | MAVEN:GHSA-6VGH-9R3C-2CXP | Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro | high | 2023-04-12T20:43:21 (17 months ago) |
Affected | >= 3.1-milestone-2, < 13.4-rc-1 | | CVE-2023-45137 | MAVEN:GHSA-93GH-JGJJ-R929 | XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages | critical | 2023-10-25T21:14:07 (10 months ago) |
Fixed | = 13.4-rc-1 | | CVE-2023-45137 | MAVEN:GHSA-93GH-JGJJ-R929 | XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages | critical | 2023-10-25T21:14:07 (10 months ago) |
Affected | >= 2.2.1, < 14.4.8 | | CVE-2023-34464 | MAVEN:GHSA-FP7H-F9F5-X4Q7 | XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template | critical | 2023-06-20T16:44:35 (15 months ago) |
Fixed | = 14.4.8 | | CVE-2023-34464 | MAVEN:GHSA-FP7H-F9F5-X4Q7 | XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template | critical | 2023-06-20T16:44:35 (15 months ago) |
Affected | >= 7.2-milestone-2, < 14.10.12 | | CVE-2023-45135 | MAVEN:GHSA-GHF6-2F42-MJH9 | XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title | critical | 2023-10-25T21:13:10 (10 months ago) |
Fixed | = 14.10.12 | | CVE-2023-45135 | MAVEN:GHSA-GHF6-2F42-MJH9 | XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title | critical | 2023-10-25T21:13:10 (10 months ago) |
Affected | >= 3.1-milestone-1, < 13.4-rc-1 | | CVE-2023-45134 | MAVEN:GHSA-GR82-8FJ2-GGC3 | XWiki Platform XSS vulnerability from account in the create page form via template provider | critical | 2023-10-25T21:09:06 (10 months ago) |
Fixed | = 13.4-rc-1 | | CVE-2023-45134 | MAVEN:GHSA-GR82-8FJ2-GGC3 | XWiki Platform XSS vulnerability from account in the create page form via template provider | critical | 2023-10-25T21:09:06 (10 months ago) |
Affected | >= 13.1, < 13.2 | | CVE-2021-32731 | MAVEN:GHSA-H4M4-PGP4-WHGM | The reset password form reveal users email address | moderate | 2021-07-02T19:19:04 (3 years ago) |
Fixed | = 13.2 | | CVE-2021-32731 | MAVEN:GHSA-H4M4-PGP4-WHGM | The reset password form reveal users email address | moderate | 2021-07-02T19:19:04 (3 years ago) |
Affected | >= 14.0, < 14.3-rc-1; >= 8.0-rc-1, < 13.10.5 | | CVE-2022-36093 | MAVEN:GHSA-H5J3-5X63-P8JV | XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard | high | 2022-09-16T17:05:55 (2 years ago) |
Fixed | = 14.3-rc-1; = 13.10.5 | | CVE-2022-36093 | MAVEN:GHSA-H5J3-5X63-P8JV | XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard | high | 2022-09-16T17:05:55 (2 years ago) |
Affected | >= 14.0, < 14.3-rc-1; >= 1.0, < 13.10.6 | | CVE-2022-36094 | MAVEN:GHSA-MXF2-4R22-5HQ9 | XWiki Platform Web Parent POM vulnerable to XSS in the attachment history | high | 2022-09-16T17:05:12 (2 years ago) |
Fixed | = 14.3-rc-1; = 13.10.6 | | CVE-2022-36094 | MAVEN:GHSA-MXF2-4R22-5HQ9 | XWiki Platform Web Parent POM vulnerable to XSS in the attachment history | high | 2022-09-16T17:05:12 (2 years ago) |
Affected | < 12.8 | | CVE-2020-13654 | MAVEN:GHSA-P93C-H8QM-7256 | Improper escaping in XWiki Platform | high | 2022-02-09T22:32:29 (2 years ago) |
Fixed | = 12.8 | | CVE-2020-13654 | MAVEN:GHSA-P93C-H8QM-7256 | Improper escaping in XWiki Platform | high | 2022-02-09T22:32:29 (2 years ago) |
Affected | >= 13.5.0, < 13.9; >= 13.0.0, < 13.4.4; < 12.10.11 | | CVE-2022-24820 | MAVEN:GHSA-QPP2-2MCP-2WM5 | Unauthenticated user can list hidden document from multiple velocity templates in XWiki | moderate | 2022-04-08T22:00:54 (2 years ago) |
Fixed | = 13.9; = 13.4.4; = 12.10.11 | | CVE-2022-24820 | MAVEN:GHSA-QPP2-2MCP-2WM5 | Unauthenticated user can list hidden document from multiple velocity templates in XWiki | moderate | 2022-04-08T22:00:54 (2 years ago) |
Affected | >= 14.5, < 14.10; >= 14.0, < 14.4.7; >= 1.3-rc-1, < 13.10.11 | | CVE-2023-26473 | MAVEN:GHSA-VPX4-7RFP-H545 | Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm | moderate | 2023-03-03T22:46:43 (18 months ago) |
Fixed | = 14.10; = 14.4.7; = 13.10.11 | | CVE-2023-26473 | MAVEN:GHSA-VPX4-7RFP-H545 | Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm | moderate | 2023-03-03T22:46:43 (18 months ago) |