VYPR

Maven package

org.xwiki.commons/xwiki-commons-xml

pkg:maven/org.xwiki.commons/xwiki-commons-xml

Vulnerabilities (6)

  • CVE-2023-36471 (Jun 29, 2023)
    affected >= 14.6-rc-1, < 14.10.6; fixed 14.10.6

    XWiki Commons is the set of common modules used by other XWiki top level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can b

  • CVE-2023-31126 (May 9, 2023)
    affected >= 14.6-rc-1, < 14.10.4; fixed 14.10.4

    `org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does

  • CVE-2023-29528 (Apr 20, 2023)
    affected >= 4.2-milestone-1, < 14.10; fixed 14.10

    XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cro

  • CVE-2023-29201 (Apr 15, 2023)
    affected >= 4.2-milestone-1, < 14.6-rc-1; fixed 14.6-rc-1

    XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped `` and ``-tags but neither attributes that can be used to inject scripts

  • CVE-2023-26055 (Mar 2, 2023)
    affected >= 3.1-milestone-1, < 13.10.9; fixed 13.10.9

    XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be executed with programming right. The same vulnerability can also be exploited in

  • CVE-2022-24898 (Apr 28, 2022)
    affected >= 2.7, < 12.10.10; fixed 12.10.10

    org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessible to the user running the XWiki application server with