Maven package
org.xwiki.platform/xwiki-platform-appwithinminutes-ui
pkg:maven/org.xwiki.platform/xwiki-platform-appwithinminutes-ui
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-40177 | — | | | >= 4.3-milestone-2, < 14.10.5 | 14.10.5 | Aug 23, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. T |
| CVE-2023-35161 | — | | | >= 6.2-milestone-1, < 14.10.5 | 14.10.5 | Jun 23, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload allowing to inject JavaScript in the page (XSS). It's possible to exploit the DeleteApplication page to perform an XSS, e.g. by us |
| CVE-2023-35153 | — | | | >= 5.4.4, < 14.4.8 | 14.4.8 | Jun 23, 2023 | XWiki Platform is a generic wiki platform. Starting in version 5.4.4 and prior to versions 14.4.8, 14.10.4, and 15.0, a stored cross-site scripting vulnerability can be exploited by users with edit rights by adding an `AppWithinMinutes.FormFieldCategoryClass` class on a page and s |
| CVE-2023-29515 | — | | | >= 4.2-milestone-1, < 13.10.11 | 13.10.11 | Apr 18, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The v |
| CVE-2023-29527 | — | | | >= 7.4.4, < 14.10.3 | 14.10.3 | Apr 18, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions a user without script or programming right may edit a user profile (or any other document) with the wiki editor and add Groovy script content. Viewing the |