pkg:maven/org.xwiki.platform/xwiki-platform-web

Type maven
Namespace org.xwiki.platform
Name xwiki-platform-web

Known advisories, vulnerabilities and fixes for org.xwiki.platform/xwiki-platform-web package.

Repository
https://mvnrepository.com/artifact/org.xwiki.platform/xwiki-platform-web
Critical 5
High 5
Moderate 4
| Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Affected | < 12.10.9; >= 13.0.0, < 13.4.1; >= 13.5RC1, <= 13.5 | maven | CVE-2022-23619 | MAVEN:GHSA-35FG-HJCR-J65F | Information exposure in xwiki-platform | moderate | 2022-02-09T21:51:19 |
| Fixed | = 12.10.9; = 13.4.1; = 13.6RC1 | maven | CVE-2022-23619 | MAVEN:GHSA-35FG-HJCR-J65F | Information exposure in xwiki-platform | moderate | 2022-02-09T21:51:19 |
| Affected | >= 14.0, < 14.2 | maven | CVE-2022-36091 | MAVEN:GHSA-599V-W48H-RJRM | XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor | high | 2022-09-16T17:39:46 |
| Fixed | = 14.2 | maven | CVE-2022-36091 | MAVEN:GHSA-599V-W48H-RJRM | XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor | high | 2022-09-16T17:39:46 |
| Affected | >= 12.6.4, < 12.8; < 12.6.3 | maven | CVE-2021-29459 | MAVEN:GHSA-5C66-V29H-XJH8 | XSS Cross Site Scripting | critical | 2021-04-22T16:11:55 |
| Fixed | = 12.8; = 12.6.3 | maven | CVE-2021-29459 | MAVEN:GHSA-5C66-V29H-XJH8 | XSS Cross Site Scripting | critical | 2021-04-22T16:11:55 |
| Affected | >= 14.5, < 14.9; >= 14.0-rc-1, < 14.4.6; >= 1.9-milestone-2, < 13.10.10 | maven | CVE-2023-29207 | MAVEN:GHSA-6VGH-9R3C-2CXP | Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro | high | 2023-04-12T20:43:21 |
| Fixed | = 14.9; = 14.4.6; = 13.10.10 | maven | CVE-2023-29207 | MAVEN:GHSA-6VGH-9R3C-2CXP | Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro | high | 2023-04-12T20:43:21 |
| Affected | >= 3.1-milestone-2, < 13.4-rc-1 | maven | CVE-2023-45137 | MAVEN:GHSA-93GH-JGJJ-R929 | XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages | critical | 2023-10-25T21:14:07 |
| Fixed | = 13.4-rc-1 | maven | CVE-2023-45137 | MAVEN:GHSA-93GH-JGJJ-R929 | XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages | critical | 2023-10-25T21:14:07 |
| Affected | >= 2.2.1, < 14.4.8 | maven | CVE-2023-34464 | MAVEN:GHSA-FP7H-F9F5-X4Q7 | XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template | critical | 2023-06-20T16:44:35 |
| Fixed | = 14.4.8 | maven | CVE-2023-34464 | MAVEN:GHSA-FP7H-F9F5-X4Q7 | XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template | critical | 2023-06-20T16:44:35 |
| Affected | >= 7.2-milestone-2, < 14.10.12 | maven | CVE-2023-45135 | MAVEN:GHSA-GHF6-2F42-MJH9 | XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title | critical | 2023-10-25T21:13:10 |
| Fixed | = 14.10.12 | maven | CVE-2023-45135 | MAVEN:GHSA-GHF6-2F42-MJH9 | XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title | critical | 2023-10-25T21:13:10 |
| Affected | >= 3.1-milestone-1, < 13.4-rc-1 | maven | CVE-2023-45134 | MAVEN:GHSA-GR82-8FJ2-GGC3 | XWiki Platform XSS vulnerability from account in the create page form via template provider | critical | 2023-10-25T21:09:06 |
| Fixed | = 13.4-rc-1 | maven | CVE-2023-45134 | MAVEN:GHSA-GR82-8FJ2-GGC3 | XWiki Platform XSS vulnerability from account in the create page form via template provider | critical | 2023-10-25T21:09:06 |
| Affected | >= 13.1, < 13.2 | maven | CVE-2021-32731 | MAVEN:GHSA-H4M4-PGP4-WHGM | The reset password form reveal users email address | moderate | 2021-07-02T19:19:04 |
| Fixed | = 13.2 | maven | CVE-2021-32731 | MAVEN:GHSA-H4M4-PGP4-WHGM | The reset password form reveal users email address | moderate | 2021-07-02T19:19:04 |
| Affected | >= 14.0, < 14.3-rc-1; >= 8.0-rc-1, < 13.10.5 | maven | CVE-2022-36093 | MAVEN:GHSA-H5J3-5X63-P8JV | XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard | high | 2022-09-16T17:05:55 |
| Fixed | = 14.3-rc-1; = 13.10.5 | maven | CVE-2022-36093 | MAVEN:GHSA-H5J3-5X63-P8JV | XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard | high | 2022-09-16T17:05:55 |
| Affected | >= 14.0, < 14.3-rc-1; >= 1.0, < 13.10.6 | maven | CVE-2022-36094 | MAVEN:GHSA-MXF2-4R22-5HQ9 | XWiki Platform Web Parent POM vulnerable to XSS in the attachment history | high | 2022-09-16T17:05:12 |
| Fixed | = 14.3-rc-1; = 13.10.6 | maven | CVE-2022-36094 | MAVEN:GHSA-MXF2-4R22-5HQ9 | XWiki Platform Web Parent POM vulnerable to XSS in the attachment history | high | 2022-09-16T17:05:12 |
| Affected | < 12.8 | maven | CVE-2020-13654 | MAVEN:GHSA-P93C-H8QM-7256 | Improper escaping in XWiki Platform | high | 2022-02-09T22:32:29 |
| Fixed | = 12.8 | maven | CVE-2020-13654 | MAVEN:GHSA-P93C-H8QM-7256 | Improper escaping in XWiki Platform | high | 2022-02-09T22:32:29 |
| Affected | >= 13.5.0, < 13.9; >= 13.0.0, < 13.4.4; < 12.10.11 | maven | CVE-2022-24820 | MAVEN:GHSA-QPP2-2MCP-2WM5 | Unauthenticated user can list hidden document from multiple velocity templates in XWiki | moderate | 2022-04-08T22:00:54 |
| Fixed | = 13.9; = 13.4.4; = 12.10.11 | maven | CVE-2022-24820 | MAVEN:GHSA-QPP2-2MCP-2WM5 | Unauthenticated user can list hidden document from multiple velocity templates in XWiki | moderate | 2022-04-08T22:00:54 |
| Affected | >= 14.5, < 14.10; >= 14.0, < 14.4.7; >= 1.3-rc-1, < 13.10.11 | maven | CVE-2023-26473 | MAVEN:GHSA-VPX4-7RFP-H545 | Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm | moderate | 2023-03-03T22:46:43 |
| Fixed | = 14.10; = 14.4.7; = 13.10.11 | maven | CVE-2023-26473 | MAVEN:GHSA-VPX4-7RFP-H545 | Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm | moderate | 2023-03-03T22:46:43 |