VYPR

Maven package

org.xwiki.contrib.blog/application-blog-ui

pkg:maven/org.xwiki.contrib.blog/application-blog-ui

Vulnerabilities (2)

  • CVE-2025-66024CriMar 4, 2026
    affected < 9.15.7fixed 9.15.7

    The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting (XSS) via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML

  • CVE-2025-58365HigSep 8, 2025
    affected < 9.14fixed 9.14

    The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Prior to version 9.14, the blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit