VYPR

Maven package

org.xwiki.platform/xwiki-platform-web

pkg:maven/org.xwiki.platform/xwiki-platform-web

Vulnerabilities (15)

  • CVE-2026-26000 (Feb 12, 2026)
    affected >= 17.5.0, < 17.9.0; fixed 17.9.0

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.9.0, 17.4.6, and 16.10.13, comments can be used to inject CSS that turns the full wiki into a link area leading to a malicious page. This vulnerabi

  • CVE-2023-45137 (Oct 25, 2023)
    affected >= 3.1-milestone-2, < 13.4-rc-1; fixed 13.4-rc-1

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-2 and prior to version 13.4-rc-1, as well as `org.xwiki.platform:xwiki-platform-web-templates` prior

  • CVE-2023-45135 (Oct 25, 2023)
    affected >= 7.2-milestone-2, < 14.10.12; fixed 14.10.12

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In `org.xwiki.platform:xwiki-platform-web` versions 7.2-milestone-2 until 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc

  • CVE-2023-45134 (Oct 25, 2023)
    affected >= 3.1-milestone-1, < 13.4-rc-1; fixed 13.4-rc-1

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-1 and prior to 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.2

  • CVE-2023-34464 (Jun 23, 2023)
    affected >= 2.2.1, < 14.4.8; fixed 14.4.8

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web and any version prior to 14.4.8, 14.10.5, and 15.1.RC1 of org.xw

  • CVE-2023-29207 (Apr 15, 2023)
    affected >= 1.9-milestone-2, < 13.10.10; fixed 13.10.10

    XWiki Commons are technical libraries common to several other top level XWiki projects. The Livetable Macro wasn't properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript. This vulnerability was also exploitable via the Documents Macro

  • CVE-2023-26473 (Mar 2, 2023)
    affected >= 1.3-rc-1, < 13.10.11; fixed 13.10.11

    XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulne

  • CVE-2022-36094 (Sep 8, 2022)
    affected >= 1.0, < 13.10.6; fixed 13.10.6

    XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Starting with version 1.0 and prior to versions 13.10.6 and 14.30-rc-1, it's possible to store JavaScript which will be executed by anyone viewing the history of an attachment co

  • CVE-2022-36093 (Sep 8, 2022)
    affected >= 8.0-rc-1, < 13.10.5; fixed 13.10.5

    XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Befo

  • CVE-2022-36091 (Sep 8, 2022)
    affected >= 14.0, < 14.2; fixed 14.2

    XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Through the suggestion feature, string and list properties of objects the user shouldn't have access to can be accessed in versions prior to 13.10.4 and 14.2. This includes private personal in

  • CVE-2022-24820 (Apr 8, 2022)
    affected < 12.10.11; fixed 12.10.11

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11

  • CVE-2022-23619 (Feb 9, 2022)
    affected >= 13.5RC1, < 13.6RC1; fixed 13.6RC1

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to guess if a user has an account on the wiki by using the "Forgot your password" form, even if the wiki is closed to guest users. This prob

  • CVE-2021-32731 (Jul 1, 2021)
    affected >= 13.1, < 13.2; fixed 13.2

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Between (and including) versions 13.1RC1 and 13.1, the reset password form reveals the email address of users just by giving their username. The problem has been patched on XW

  • CVE-2021-29459 (Apr 20, 2021)
    affected < 12.6.3; fixed 12.6.3

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions prior to 12.6.3 and 12.8. Unregistered users can fill simple text fields. Registered users can fill in their per

  • CVE-2020-13654 (Dec 31, 2020)
    affected < 12.8; fixed 12.8

    XWiki Platform before 12.8 mishandles escaping in the property displayer.