VYPR

Maven package

org.xwiki.platform/xwiki-platform-search-ui

pkg:maven/org.xwiki.platform/xwiki-platform-search-ui

Vulnerabilities (4)

  • CVE-2024-37901Jul 31, 2024
    affected >= 9.2-rc-1, < 14.10.21fixed 14.10.21

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to the

  • CVE-2024-31982Apr 10, 2024
    affected >= 2.4-milestone-1, < 14.10.20fixed 14.10.20

    XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki o

  • CVE-2024-31465Apr 10, 2024
    affected >= 5.2-milestone-2, < 14.10.20fixed 14.10.20

    XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type `XWiki.SearchSuggestSourceClass` to their user profil

  • CVE-2023-50721Dec 15, 2023
    affected >= 4.5-rc-1, < 14.10.15fixed 14.10.15

    XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containi