Maven package
org.xwiki.platform/xwiki-platform-flamingo-skin-resources
pkg:maven/org.xwiki.platform/xwiki-platform-flamingo-skin-resources
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-66472 | — | | | >= 6.2-milestone-1, < 16.10.10 | 16.10.10 | Dec 10, 2025 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-milestone-1 through 16.10.9 and 17.0.0-rc-1 through 17.4.1 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates are vulnerable to a re |
| CVE-2023-46732 | — | | | >= 9.7-rc-1, < 14.10.14 | 14.10.14 | Nov 6, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to reflected cross-site scripting (RXSS) via the `rev` parameter that is used in the content of the content menu without escaping. If an attacker can convi |
| CVE-2023-35162 | — | | | >= 6.1-rc-1, < 14.10.5 | 14.10.5 | Jun 23, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that allows injecting JavaScript into the page (XSS). It's possible to exploit the previewactions template to perform an XSS, e.g. by u |
| CVE-2023-35158 | — | | | >= 9.4-rc-1, < 14.10.5 | 14.10.5 | Jun 23, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that allows injecting JavaScript into the page (XSS). It's possible to exploit the restore template to perform an XSS, e.g. by using UR |
| CVE-2023-35156 | — | | | >= 6.0-rc-1, < 14.10.6 | 14.10.6 | Jun 23, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that allows injecting JavaScript into the page (XSS). It's possible to exploit the delete template to perform an XSS, e.g. by using URL |
| CVE-2023-29207 | — | | | >= 1.9-milestone-2, < 13.10.10 | 13.10.10 | Apr 15, 2023 | XWiki Commons are technical libraries common to several other top-level XWiki projects. The Livetable Macro wasn't properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript. This vulnerability was also exploitable via the Documents Macro |