Maven package
org.xwiki.platform/xwiki-platform-livedata-macro
pkg:maven/org.xwiki.platform/xwiki-platform-livedata-macro
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-29508 | — | >= 13.10.10, < 13.10.11 | 13.10.11 | Apr 16, 2023 | XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14. | ||
| CVE-2023-26480 | — | >= 12.10, < 13.10.10 | 13.10.10 | Mar 2, 2023 | XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds. |
- CVE-2023-29508Apr 16, 2023affected >= 13.10.10, < 13.10.11fixed 13.10.11
XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.
- CVE-2023-26480Mar 2, 2023affected >= 12.10, < 13.10.10fixed 13.10.10
XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds.