pkg:maven/org.xwiki.platform/xwiki-platform-web-templates
Type
maven
Namespace
org.xwiki.platform
Name
xwiki-platform-web-templates
Known advisories, vulnerabilities and fixes for org.xwiki.platform/xwiki-platform-web-templates package.
Critical
10
High
4
Moderate
4
Low
1
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | >= 1.3, < 13.10.4 |
CVE-2022-36091
|
 MAVEN:GHSA-599V-W48H-RJRM
|
XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor | high |
2022-09-16T17:39:46
(2 years ago) |
|
| Fixed | = 13.10.4 |
CVE-2022-36091
|
MAVEN:GHSA-599V-W48H-RJRM
|
XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor | high |
2022-09-16T17:39:46
(2 years ago) |
|
| Affected | >= 16.0.0-rc-1, < 16.3.0-rc-1 >= 11.8-rc-1, < 15.10.8 |
CVE-2024-41947
|
MAVEN:GHSA-692V-783F-MG8X
|
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution | critical |
2024-07-31T16:54:36
(6 weeks ago) |
|
| Fixed | = 16.3.0-rc-1 = 15.10.8 |
CVE-2024-41947
|
MAVEN:GHSA-692V-783F-MG8X
|
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution | critical |
2024-07-31T16:54:36
(6 weeks ago) |
|
| Affected | >= 14.5, < 14.9 >= 14.0-rc-1, < 14.4.6 >= 1.9-milestone-2, < 13.10.10 |
CVE-2023-29207
|
MAVEN:GHSA-6VGH-9R3C-2CXP
|
Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro | high |
2023-04-12T20:43:21
(17 months ago) |
|
| Fixed | = 14.9 = 14.4.6 = 13.10.10 |
CVE-2023-29207
|
MAVEN:GHSA-6VGH-9R3C-2CXP
|
Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro | high |
2023-04-12T20:43:21
(17 months ago) |
|
| Affected | >= 15.0-rc-1, < 15.5-rc-1 < 14.10.12 |
CVE-2023-45137
|
MAVEN:GHSA-93GH-JGJJ-R929
|
XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages | critical |
2023-10-25T21:14:07
(10 months ago) |
|
| Fixed | = 15.5-rc-1 = 14.10.12 |
CVE-2023-45137
|
MAVEN:GHSA-93GH-JGJJ-R929
|
XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages | critical |
2023-10-25T21:14:07
(10 months ago) |
|
| Affected | >= 13.5.0, < 13.9 >= 13.0.0, < 13.4.4 < 12.10.11 |
CVE-2022-24819
|
MAVEN:GHSA-97JG-43C9-Q6PF
|
Unauthenticated user can retrieve the list of users through uorgsuggest.vm | moderate |
2022-04-08T21:53:38
(2 years ago) |
|
| Fixed | = 13.9 = 13.4.4 = 12.10.11 |
CVE-2022-24819
|
MAVEN:GHSA-97JG-43C9-Q6PF
|
Unauthenticated user can retrieve the list of users through uorgsuggest.vm | moderate |
2022-04-08T21:53:38
(2 years ago) |
|
| Affected | < 15.10-rc-1 |
CVE-2024-43401
|
MAVEN:GHSA-F963-4CQ8-2GW7
|
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them | critical |
2024-08-19T21:49:15
(3 weeks ago) |
|
| Fixed | = 15.10-rc-1 |
CVE-2024-43401
|
MAVEN:GHSA-F963-4CQ8-2GW7
|
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them | critical |
2024-08-19T21:49:15
(3 weeks ago) |
|
| Affected | >= 8.0-rc-1, < 14.10.1 |
CVE-2023-29513
|
MAVEN:GHSA-FP36-MJW5-FMGX
|
xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro | moderate |
2023-04-20T21:39:56
(17 months ago) |
|
| Fixed | = 14.10.1 |
CVE-2023-29513
|
MAVEN:GHSA-FP36-MJW5-FMGX
|
xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro | moderate |
2023-04-20T21:39:56
(17 months ago) |
|
| Affected | >= 15.0-rc-1, < 15.1-rc-1 >= 14.5, < 14.10.5 < 14.4.8 |
CVE-2023-34464
|
MAVEN:GHSA-FP7H-F9F5-X4Q7
|
XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template | critical |
2023-06-20T16:44:35
(15 months ago) |
|
| Fixed | = 15.1-rc-1 = 14.10.5 = 14.4.8 |
CVE-2023-34464
|
MAVEN:GHSA-FP7H-F9F5-X4Q7
|
XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template | critical |
2023-06-20T16:44:35
(15 months ago) |
|
| Affected | >= 14.0, < 14.3 >= 2.0-milestone-1, < 13.10.5 |
CVE-2022-36095
|
MAVEN:GHSA-FXWR-4VQ9-9VHJ
|
XWiki Cross-Site Request Forgery (CSRF) for actions on tags | moderate |
2022-09-16T21:04:25
(2 years ago) |
|
| Fixed | = 14.3 = 13.10.5 |
CVE-2022-36095
|
MAVEN:GHSA-FXWR-4VQ9-9VHJ
|
XWiki Cross-Site Request Forgery (CSRF) for actions on tags | moderate |
2022-09-16T21:04:25
(2 years ago) |
|
| Affected | >= 15.0-rc-1, < 15.5-rc-1 < 14.10.12 |
CVE-2023-45135
|
MAVEN:GHSA-GHF6-2F42-MJH9
|
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title | critical |
2023-10-25T21:13:10
(10 months ago) |
|
| Fixed | = 15.5-rc-1 = 14.10.12 |
CVE-2023-45135
|
MAVEN:GHSA-GHF6-2F42-MJH9
|
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title | critical |
2023-10-25T21:13:10
(10 months ago) |
|
| Affected | >= 15.0-rc-1, < 15.5-rc-1 < 14.10.12 |
CVE-2023-45134
|
MAVEN:GHSA-GR82-8FJ2-GGC3
|
XWiki Platform XSS vulnerability from account in the create page form via template provider | critical |
2023-10-25T21:09:06
(10 months ago) |
|
| Fixed | = 15.5-rc-1 = 14.10.12 |
CVE-2023-45134
|
MAVEN:GHSA-GR82-8FJ2-GGC3
|
XWiki Platform XSS vulnerability from account in the create page form via template provider | critical |
2023-10-25T21:09:06
(10 months ago) |
|
| Affected | >= 13.10.0, < 13.10.3 >= 13.0.0, < 13.4.7 >= 2.6.1, < 12.10.11 |
CVE-2022-23622
|
MAVEN:GHSA-GX6H-936C-VRRR
|
Cross site scripting in registration template in xwiki-platform | high |
2022-02-09T23:25:44
(2 years ago) |
|
| Fixed | = 13.10.3 = 13.4.7 = 12.10.11 |
CVE-2022-23622
|
MAVEN:GHSA-GX6H-936C-VRRR
|
Cross site scripting in registration template in xwiki-platform | high |
2022-02-09T23:25:44
(2 years ago) |
|
| Affected | >= 14.0, < 14.3-rc-1 < 13.10.5 |
CVE-2022-36093
|
MAVEN:GHSA-H5J3-5X63-P8JV
|
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard | high |
2022-09-16T17:05:55
(2 years ago) |
|
| Fixed | = 14.3-rc-1 = 13.10.5 |
CVE-2022-36093
|
MAVEN:GHSA-H5J3-5X63-P8JV
|
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard | high |
2022-09-16T17:05:55
(2 years ago) |
|
| Affected | >= 4.1-milestone-2, < 14.10.5 |
CVE-2023-40176
|
MAVEN:GHSA-H8CM-3V5F-RGP6
|
XWiki Platform Stored Cross-site Scripting in the user profile via the timezone displayer | moderate |
2023-08-21T19:59:12
(13 months ago) |
|
| Fixed | = 14.10.5 |
CVE-2023-40176
|
MAVEN:GHSA-H8CM-3V5F-RGP6
|
XWiki Platform Stored Cross-site Scripting in the user profile via the timezone displayer | moderate |
2023-08-21T19:59:12
(13 months ago) |
|
| Affected | >= 14.5, < 14.10.1 >= 14.0-rc-1, < 14.4.8 >= 1.0B1, < 13.10.11 |
CVE-2023-29512
|
MAVEN:GHSA-HG5X-3W3X-7G96
|
xwiki-platform-web-templates vulnerable to Eval Injection | critical |
2023-04-20T21:38:48
(17 months ago) |
|
| Fixed | = 14.10.1 = 14.4.8 = 13.10.11 |
CVE-2023-29512
|
MAVEN:GHSA-HG5X-3W3X-7G96
|
xwiki-platform-web-templates vulnerable to Eval Injection | critical |
2023-04-20T21:38:48
(17 months ago) |
|
| Affected | >= 15.0-rc-1, < 15.5-rc-1 >= 12.0-rc-1, < 14.10.12 |
CVE-2023-45136
|
MAVEN:GHSA-QCJ9-GCPG-4W2W
|
XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled | critical |
2023-10-25T21:13:37
(10 months ago) |
|
| Fixed | = 15.5-rc-1 = 14.10.12 |
CVE-2023-45136
|
MAVEN:GHSA-QCJ9-GCPG-4W2W
|
XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled | critical |
2023-10-25T21:13:37
(10 months ago) |
|
| Affected | >= 15.0-rc-1, < 15.1-rc-1 >= 2.5-milestone-2, < 14.10.5 |
CVE-2023-35160
|
MAVEN:GHSA-R8XC-XXH3-Q5X3
|
XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template | critical |
2023-06-22T19:59:55
(15 months ago) |
|
| Fixed | = 15.1-rc-1 = 14.10.5 |
CVE-2023-35160
|
MAVEN:GHSA-R8XC-XXH3-Q5X3
|
XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template | critical |
2023-06-22T19:59:55
(15 months ago) |
|
| Affected | >= 14.5, < 14.7-rc-1 >= 14.0-rc-1, < 14.4.3 >= 13.9-rc-1, < 13.10.8 |
CVE-2023-29203
|
MAVEN:GHSA-VVP7-R422-RX83
|
Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm | low |
2023-04-12T20:40:00
(17 months ago) |
|
| Fixed | = 14.7-rc-1 = 14.4.3 = 13.10.8 |
CVE-2023-29203
|
MAVEN:GHSA-VVP7-R422-RX83
|
Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm | low |
2023-04-12T20:40:00
(17 months ago) |
|
| Affected | >= 15.0-rc-1, < 15.1-rc-1 >= 3.4-milestone-1, < 14.10.5 |
CVE-2023-35159
|
MAVEN:GHSA-X234-MG7Q-M8G8
|
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template | critical |
2023-06-22T19:59:47
(15 months ago) |
|
| Fixed | = 15.1-rc-1 = 14.10.5 |
CVE-2023-35159
|
MAVEN:GHSA-X234-MG7Q-M8G8
|
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template | critical |
2023-06-22T19:59:47
(15 months ago) |