Maven package
org.xwiki.platform/xwiki-platform-scheduler-ui
pkg:maven/org.xwiki.platform/xwiki-platform-scheduler-ui
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-55876 | — | >= 1.2-milestone-2, < 15.10.9 | 15.10.9 | Dec 12, 2024 | XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view | ||
| CVE-2024-31986 | — | >= 3.1, < 14.10.19 | 14.10.19 | Apr 10, 2024 | XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted documented reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the s | ||
| CVE-2024-31985 | — | >= 3.1, < 14.10.19 | 14.10.19 | Apr 10, 2024 | XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embeddin | ||
| CVE-2023-29524 | — | >= 2.0.1, < 14.10.3 | 14.10.3 | Apr 18, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute anything with the right of the Scheduler Application sheet page. A user without script or programming rights, edit your user profile with the object e |
- CVE-2024-55876Dec 12, 2024affected >= 1.2-milestone-2, < 15.10.9fixed 15.10.9
XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view
- CVE-2024-31986Apr 10, 2024affected >= 3.1, < 14.10.19fixed 14.10.19
XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted documented reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the s
- CVE-2024-31985Apr 10, 2024affected >= 3.1, < 14.10.19fixed 14.10.19
XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embeddin
- CVE-2023-29524Apr 18, 2023affected >= 2.0.1, < 14.10.3fixed 14.10.3
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute anything with the right of the Scheduler Application sheet page. A user without script or programming rights, edit your user profile with the object e