Maven package
org.xwiki.platform/xwiki-platform-notifications-ui
pkg:maven/org.xwiki.platform/xwiki-platform-notifications-ui
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-46978 | — | | | >= 13.2-rc-1, < 14.10.21 | 14.10.21 | Sep 18, 2024 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might |
| CVE-2024-46979 | — | | | >= 13.2-rc-1, < 14.10.21 | 14.10.21 | Sep 18, 2024 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as `xwiki/bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableR |
| CVE-2023-36469 | — | | | >= 9.6-rc-1, < 14.10.6 | 14.10.6 | Jun 29, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution |
| CVE-2023-29210 | — | | | >= 13.2-rc-1, < 13.10.11 | 13.10.11 | Apr 15, 2023 | XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the notification preferences macros can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access t |