Maven package
org.xwiki.platform/xwiki-platform-security-requiredrights-default
pkg:maven/org.xwiki.platform/xwiki-platform-security-requiredrights-default
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-49585 | — | < 15.10.16 | 15.10.16 | Jun 13, 2025 | XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0-rc-1 through 16.4.6, and 16.5.0-rc-1 through 16.10.1, when an attacker without script or programming right creates an XClass definition in XWiki (requires edit right), and that same document is later edited by | ||
| CVE-2025-49582 | — | >= 15.9-rc-1, < 16.4.7 | 16.4.7 | Jun 13, 2025 | XWiki is a generic wiki platform. When editing content that contains "dangerous" macros like malicious script macros that were authored by a user with fewer rights, XWiki warns about the execution of these macros since XWiki 15.9RC1. These required rights analyzers that trigger t | ||
| CVE-2025-32974 | — | >= 15.9-rc-1, < 15.10.8 | 15.10.8 | Apr 30, 2025 | XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is cont |
- CVE-2025-49585Jun 13, 2025affected < 15.10.16fixed 15.10.16
XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0-rc-1 through 16.4.6, and 16.5.0-rc-1 through 16.10.1, when an attacker without script or programming right creates an XClass definition in XWiki (requires edit right), and that same document is later edited by
- CVE-2025-49582Jun 13, 2025affected >= 15.9-rc-1, < 16.4.7fixed 16.4.7
XWiki is a generic wiki platform. When editing content that contains "dangerous" macros like malicious script macros that were authored by a user with fewer rights, XWiki warns about the execution of these macros since XWiki 15.9RC1. These required rights analyzers that trigger t
- CVE-2025-32974Apr 30, 2025affected >= 15.9-rc-1, < 15.10.8fixed 15.10.8
XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is cont