Maven package
org.xwiki.platform/xwiki-platform-icon-ui
pkg:maven/org.xwiki.platform/xwiki-platform-icon-ui
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-36470 | — | | | >= 6.2-milestone-1, < 14.10.6 | 14.10.6 | Jun 29, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By either creating a new or editing an existing document with an icon set, an attacker can inject XWiki syntax and Velocity code that is executed with programming rights and t |
| CVE-2023-26472 | — | | | >= 6.2-milestone-1, < 13.10.10 | 13.10.10 | Mar 2, 2023 | XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with certain content. This can be done by creating a new page or even through the user profile for us |
| CVE-2022-41931 | — | | | >= 6.4-milestone-2, < 13.10.7 | 13.10.7 | Nov 23, 2022 | xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWik |