Maven package
org.xwiki.contrib/application-ckeditor-ui
pkg:maven/org.xwiki.contrib/application-ckeditor-ui
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-36477 | — | >= 1.9, < 1.64.9 | 1.64.9 | Jun 30, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor' space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, lea | ||
| CVE-2023-22457 | — | < 1.64.3 | 1.64.3 | Jan 4, 2023 | CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3,t he `CKEditor.HTMLConverter` document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros with the rights of the current user. If a privileg |
- CVE-2023-36477Jun 30, 2023affected >= 1.9, < 1.64.9fixed 1.64.9
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor' space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, lea
- CVE-2023-22457Jan 4, 2023affected < 1.64.3fixed 1.64.3
CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3,t he `CKEditor.HTMLConverter` document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros with the rights of the current user. If a privileg