Maven package
org.xwiki.platform/xwiki-platform-invitation-ui
pkg:maven/org.xwiki.platform/xwiki-platform-invitation-ui
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-37914 | — | | | >= 2.5-m-1, < 14.4.8 | 14.4.8 | Aug 17, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read |
| CVE-2023-35150 | — | | | >= 2.4-m-2, < 14.4.8 | 14.4.8 | Jun 23, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view rights on any document can execute code with programming rights, leading to rem |
| CVE-2023-29518 | — | | | >= 2.5-m-1, < 13.10.11 | 13.10.11 | Apr 18, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping |