Maven package
org.xwiki.platform/xwiki-platform-skin-skinx
pkg:maven/org.xwiki.platform/xwiki-platform-skin-skinx
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-55748 | — | | | >= 4.2-milestone-2, < 16.10.7 | 16.10.7 | Sep 3, 2025 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URL |
| CVE-2023-29206 | — | | | >= 3.0-milestone-1, < 14.9-rc-1 | 14.9-rc-1 | Apr 15, 2023 | XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check in the author of a JavaScript xobject or StyleSheet xobject added in a XWiki document, so until now it was possible for a user having only Edit Right to create such object a |
| CVE-2022-24821 | — | | | >= 13.5.0, < 13.10 | 13.10 | Apr 8, 2022 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywher |
| CVE-2022-23620 | — | | | >= 6.2-rc-1, < 13.6 | 13.6 | Feb 9, 2022 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on filesystem, it is possible |