VYPR

Maven package

org.xwiki.platform/xwiki-platform-web-war

pkg:maven/org.xwiki.platform/xwiki-platform-web-war

Vulnerabilities (1)

  • CVE-2024-37900Jul 31, 2024
    affected >= 4.2-milestone-3, < 14.10.21fixed 14.10.21

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When uploading an attachment with a malicious filename, malicious JavaScript code could be executed. This requires a social engineering attack to get the victim into uploading