VYPR

Maven package

org.xwiki.platform/xwiki-platform-notifications-ui

pkg:maven/org.xwiki.platform/xwiki-platform-notifications-ui

Vulnerabilities (4)

  • CVE-2024-46978Sep 18, 2024
    affected >= 13.2-rc-1, < 14.10.21fixed 14.10.21

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might

  • CVE-2024-46979Sep 18, 2024
    affected >= 13.2-rc-1, < 14.10.21fixed 14.10.21

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as `xwiki/bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableR

  • CVE-2023-36469Jun 29, 2023
    affected >= 9.6-rc-1, < 14.10.6fixed 14.10.6

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution

  • CVE-2023-29210Apr 15, 2023
    affected >= 13.2-rc-1, < 13.10.11fixed 13.10.11

    XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the notification preferences macros can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access t