VYPR

Maven package

org.xwiki.contrib/application-ckeditor-ui

pkg:maven/org.xwiki.contrib/application-ckeditor-ui

Vulnerabilities (2)

  • CVE-2023-36477Jun 30, 2023
    affected >= 1.9, < 1.64.9fixed 1.64.9

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor' space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, lea

  • CVE-2023-22457Jan 4, 2023
    affected < 1.64.3fixed 1.64.3

    CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3,t he `CKEditor.HTMLConverter` document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros with the rights of the current user. If a privileg