VYPR

Maven package

org.xwiki.platform/xwiki-platform-distribution-war

pkg:maven/org.xwiki.platform/xwiki-platform-distribution-war

Vulnerabilities (5)

  • CVE-2025-32429 (Jul 24, 2025)
    affected >= 9.4-rc-1, < 16.10.6; fixed 16.10.6

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the `sort` parameter of `getdeleteddocuments.vm`. It's inject

  • CVE-2024-55663 (Dec 12, 2024)
    affected >= 6.3-milestone-2, < 13.10.5; fixed 13.10.5

    XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in `getdocument.vm`, the ordering of the returned documents is defined from an unsanitized request parameter (`request.sort`) and can allow any user to inject

  • CVE-2024-21651 (Jan 8, 2024)
    affected >= 14.10, < 14.10.18; fixed 14.10.18

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating the file modification time headers, which, when parsed by Tika, could cause a denial of servic

  • CVE-2023-32071 (May 9, 2023)
    affected >= 2.2-milestone-1, < 14.4.8; fixed 14.4.8

    XWiki Platform is a generic wiki platform. Starting in version 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it's possible to execute JavaScript with the rights of any user by leading them to a special URL on the wiki targeting a page which contains an atta

  • CVE-2023-29525 (Apr 18, 2023)
    affected >= 12.6.1, < 13.10.11; fixed 13.10.11

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of XWiki are subject to code injection in the `since` parameter of the `/xwiki/bin/view/XWiki/Notifications/Code/LegacyNotificationAdministration` endpoint.