VYPR

Maven package

org.xwiki.platform/xwiki-platform-scheduler-ui

pkg:maven/org.xwiki.platform/xwiki-platform-scheduler-ui

Vulnerabilities (4)

  • CVE-2024-55876Dec 12, 2024
    affected >= 1.2-milestone-2, < 15.10.9fixed 15.10.9

    XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view

  • CVE-2024-31986Apr 10, 2024
    affected >= 3.1, < 14.10.19fixed 14.10.19

    XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted documented reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the s

  • CVE-2024-31985Apr 10, 2024
    affected >= 3.1, < 14.10.19fixed 14.10.19

    XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embeddin

  • CVE-2023-29524Apr 18, 2023
    affected >= 2.0.1, < 14.10.3fixed 14.10.3

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute anything with the right of the Scheduler Application sheet page. A user without script or programming rights, edit your user profile with the object e