VYPR

Maven package

org.xwiki.platform/xwiki-platform-livedata-macro

pkg:maven/org.xwiki.platform/xwiki-platform-livedata-macro

Vulnerabilities (2)

  • CVE-2023-29508Apr 16, 2023
    affected >= 13.10.10, < 13.10.11fixed 13.10.11

    XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.

  • CVE-2023-26480Mar 2, 2023
    affected >= 12.10, < 13.10.10fixed 13.10.10

    XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds.