VYPR

Maven package

org.xwiki.platform/xwiki-platform-uiextension-api

pkg:maven/org.xwiki.platform/xwiki-platform-uiextension-api

Vulnerabilities (1)

  • CVE-2024-31997Apr 10, 2024
    affected < 14.10.19fixed 14.10.19

    XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create