Maven package
org.xwiki.platform/xwiki-platform-search-ui
pkg:maven/org.xwiki.platform/xwiki-platform-search-ui
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-37901 | — | | | >= 9.2-rc-1, < 14.10.21 | 14.10.21 | Jul 31, 2024 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to the |
| CVE-2024-31982 | — | | | >= 2.4-milestone-1, < 14.10.20 | 14.10.20 | Apr 10, 2024 | XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki o |
| CVE-2024-31465 | — | | | >= 5.2-milestone-2, < 14.10.20 | 14.10.20 | Apr 10, 2024 | XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type `XWiki.SearchSuggestSourceClass` to their user profil |
| CVE-2023-50721 | — | | | >= 4.5-rc-1, < 14.10.15 | 14.10.15 | Dec 15, 2023 | XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containi |