Maven package
org.xwiki.platform/xwiki-platform-livetable-ui
pkg:maven/org.xwiki.platform/xwiki-platform-livetable-ui
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-48048 | hig | — | >= 6.2.1, < 16.10.17 | 16.10.17 | May 26, 2026 | ### Impact XWiki discovered that the patch for GHSA-5cf8-vrr8-8hjm was insufficient and with slightly modified parameters to the `LiveTableResults`, it is still possible to discover password hashes one bit at a time, so with 768 requests, the full password salt and hash can be re | |
| CVE-2023-38509 | — | >= 3.5-milestone-1, < 14.10.9 | 14.10.9 | Jul 27, 2023 | XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and is was still possible by obfusca | ||
| CVE-2023-34467 | — | >= 3.5-milestone-1, < 14.4.8 | 14.4.8 | Jun 23, 2023 | XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end user was obfuscated, the rest response was | ||
| CVE-2023-26476 | — | >= 3.2-m3, < 13.4.4 | 13.4.4 | Mar 2, 2023 | XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated call to `LiveTableResults` and `WikisLiveTableResultsMacros`. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and h | ||
| CVE-2022-41935 | — | >= 12.10.11, < 13.10.8 | 13.10.8 | Nov 23, 2022 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3, the respo |
- affected >= 6.2.1, < 16.10.17fixed 16.10.17
### Impact XWiki discovered that the patch for GHSA-5cf8-vrr8-8hjm was insufficient and with slightly modified parameters to the `LiveTableResults`, it is still possible to discover password hashes one bit at a time, so with 768 requests, the full password salt and hash can be re
- CVE-2023-38509Jul 27, 2023affected >= 3.5-milestone-1, < 14.10.9fixed 14.10.9
XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and is was still possible by obfusca
- CVE-2023-34467Jun 23, 2023affected >= 3.5-milestone-1, < 14.4.8fixed 14.4.8
XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end user was obfuscated, the rest response was
- CVE-2023-26476Mar 2, 2023affected >= 3.2-m3, < 13.4.4fixed 13.4.4
XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated call to `LiveTableResults` and `WikisLiveTableResultsMacros`. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and h
- CVE-2022-41935Nov 23, 2022affected >= 12.10.11, < 13.10.8fixed 13.10.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3, the respo