VYPR

Maven package

org.xwiki.platform/xwiki-platform-search-solr-api

pkg:maven/org.xwiki.platform/xwiki-platform-search-solr-api

Vulnerabilities (3)

  • CVE-2025-32971Apr 30, 2025
    affected >= 4.5.1, < 15.10.13fixed 15.10.13

    XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is acces

  • CVE-2023-50719Dec 15, 2023
    affected >= 7.2-milestone-2, < 14.10.15fixed 14.10.15

    XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user

  • CVE-2023-50720Dec 15, 2023
    affected < 14.10.15fixed 14.10.15

    XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*