Maven package
org.xwiki.platform/xwiki-platform-help-ui
pkg:maven/org.xwiki.platform/xwiki-platform-help-ui
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-55877 | — | >= 9.7-rc-1, < 15.10.11 | 15.10.11 | Dec 12, 2024 | XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of `XWiki.WikiMacroClass` to any page. This compromises the confide | ||
| CVE-2023-35166 | — | >= 8.1-milestone-1, < 14.10.5 | 14.10.5 | Jun 20, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5. |
- CVE-2024-55877Dec 12, 2024affected >= 9.7-rc-1, < 15.10.11fixed 15.10.11
XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of `XWiki.WikiMacroClass` to any page. This compromises the confide
- CVE-2023-35166Jun 20, 2023affected >= 8.1-milestone-1, < 14.10.5fixed 14.10.5
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5.