VYPR

Maven package

org.xwiki.platform/xwiki-platform-web-templates

pkg:maven/org.xwiki.platform/xwiki-platform-web-templates

Vulnerabilities (23)

  • CVE-2026-40105 · Med · Apr 15, 2026
    affected >= 10.4-rc-1, < 16.10.16; fixed 16.10.16

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 10.4-rc-1 through 16.10.15, 17.0.0-rc-1 through 17.4.7 and 17.5.0-rc-1 through 17.10.0 contain a reflected cross-site scripting (XSS) vulnerability in the comparis

  • CVE-2026-24128 · Jan 23, 2026
    affected >= 7.0-milestone-2, < 16.10.12; fixed 16.10.12

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 7.0-milestone-2 through 16.10.11, 17.0.0-rc-1 through 17.4.4, and 17.5.0-rc-1 through 17.7.0 contain a reflected Cross-site Scripting (XSS) vulnerability, which allow

  • CVE-2025-66472 · Dec 10, 2025
    affected >= 6.2-milestone-1, < 16.10.10; fixed 16.10.10

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-milestone-1 through 16.10.9 and 17.0.0-rc-1 through 17.4.1 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates are vulnerable to a re

  • CVE-2025-32430 · Aug 5, 2025
    affected >= 4.2-milestone-3, < 16.4.8; fixed 16.4.8

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, two templates contain reflected XSS vulnerabilities, allowing an attack

  • CVE-2024-43401 · Aug 19, 2024
    affected < 15.10-rc-1; fixed 15.10-rc-1

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with elevated rights into editing content with a malicious payload using a WYSIWYG editor. The user with elevated rights

  • CVE-2024-41947 · Jul 31, 2024
    affected >= 11.8-rc-1, < 15.10.8; fixed 15.10.8

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compr

  • CVE-2023-45137 · Oct 25, 2023
    affected < 14.10.12; fixed 14.10.12

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-2 and prior to version 13.4-rc-1, as well as `org.xwiki.platform:xwiki-platform-web-templates` prior

  • CVE-2023-45136 · Oct 25, 2023
    affected >= 12.0-rc-1, < 14.10.12; fixed 14.10.12

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulne

  • CVE-2023-45135 · Oct 25, 2023
    affected < 14.10.12; fixed 14.10.12

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In `org.xwiki.platform:xwiki-platform-web` versions 7.2-milestone-2 until 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc

  • CVE-2023-45134 · Oct 25, 2023
    affected < 14.10.12; fixed 14.10.12

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-1 and prior to 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.2

  • CVE-2023-40176 · Aug 23, 2023
    affected >= 4.1-milestone-2, < 14.10.5; fixed 14.10.5

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is sele

  • CVE-2023-35160 · Jun 23, 2023
    affected >= 2.5-milestone-2, < 14.10.5; fixed 14.10.5

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It's possible to exploit the resubmit template to perform an XSS, e.g. by using U

  • CVE-2023-35159 · Jun 23, 2023
    affected >= 3.4-milestone-1, < 14.10.5; fixed 14.10.5

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It's possible to exploit the deletespace template to perform an XSS, e.g. by usin

  • CVE-2023-34464 · Jun 23, 2023
    affected < 14.4.8; fixed 14.4.8

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web and any version prior to 14.4.8, 14.10.5, and 15.1.RC1 of org.xw

  • CVE-2023-29513 · Apr 18, 2023
    affected >= 8.0-rc-1, < 14.10.1; fixed 14.10.1

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. If guest has view right on any document, it's possible to create a new user using the `distribution/firstadminuser.wiki` in the wrong context. This vulnerability has been patc

  • CVE-2023-29512 · Apr 18, 2023
    affected >= 1.0B1, < 13.10.11; fixed 13.10.11

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., its own user page) can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation

  • CVE-2023-29207 · Apr 15, 2023
    affected >= 1.9-milestone-2, < 13.10.10; fixed 13.10.10

    XWiki Commons are technical libraries common to several other top level XWiki projects. The Livetable Macro wasn't properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript. This vulnerability was also exploitable via the Documents Macro

  • CVE-2023-29203 · Apr 15, 2023
    affected >= 13.9-rc-1, < 13.10.8; fixed 13.10.8

    XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with `uorgsuggest.vm`. This issue only concerns hidd

  • CVE-2022-36095 · Sep 8, 2022
    affected >= 2.0-milestone-1, < 13.10.5; fixed 13.10.5

    XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally

  • CVE-2022-36093 · Sep 8, 2022
    affected < 13.10.5; fixed 13.10.5

    XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Befo

Page 1 of 2