Maven package
org.xwiki.platform/xwiki-platform-wiki-ui-mainwiki
pkg:maven/org.xwiki.platform/xwiki-platform-wiki-ui-mainwiki
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-29211 | — | | | >= 5.3-milestone-2, < 13.10.11 | 13.10.11 | Apr 16, 2023 | XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on `WikiManager.DeleteWiki` can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper e |
| CVE-2023-26476 | — | | | >= 3.2-m3, < 13.4.4 | 13.4.4 | Mar 2, 2023 | XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated calls to `LiveTableResults` and `WikisLiveTableResultsMacros`. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and h |
| CVE-2022-36099 | — | | | >= 5.3-milestone-2, < 13.10.6 | 13.10.6 | Sep 8, 2022 | XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script |
| CVE-2022-29252 | — | | | < 12.10.11 | 12.10.11 | May 25, 2022 | XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the `WikiManager.JoinWiki` wiki page related to the "requestJoin" field. The issue is p |