VYPR

Maven package

org.xwiki.platform/xwiki-platform-skin-skinx

pkg:maven/org.xwiki.platform/xwiki-platform-skin-skinx

Vulnerabilities (4)

  • CVE-2025-55748Sep 3, 2025
    affected >= 4.2-milestone-2, < 16.10.7fixed 16.10.7

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URL

  • CVE-2023-29206Apr 15, 2023
    affected >= 3.0-milestone-1, < 14.9-rc-1fixed 14.9-rc-1

    XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check in the author of a JavaScript xobject or StyleSheet xobject added in a XWiki document, so until now it was possible for a user having only Edit Right to create such object a

  • CVE-2022-24821Apr 8, 2022
    affected >= 13.5.0, < 13.10fixed 13.10

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywher

  • CVE-2022-23620Feb 9, 2022
    affected >= 6.2-rc-1, < 13.6fixed 13.6

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on filesystem, it is possible