org.xwiki.platform:xwiki-platform-administration-ui
Maven
11 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
- CVE-2021-32730 | MEDIUM | CVSS 5.7 | EG 5.7 | ✓ Fixed in 13.2 | 2021-07-01
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forgery vulnerability exists in versions prior to 12.10.5, and in versions 13.0 through 13.1. It's possible for f…
- CVE-2021-32732 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 13.2RC1 | 2022-02-04
Impact: It's possible to know if a user has or not an account in a wiki related to an email address, and which username(s) is actually tied to that email by forging a request to the Forgot username page. Note that since this page does n…
- CVE-2022-23616 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 13.1RC1 | 2022-02-09
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for an unprivileged user to perform a remote code execution by injecting a groovy script in her own…
- CVE-2023-29510 | CRITICAL | CVSS 9.9 | EG 9.9 | ✓ Fixed in 14.10.2 | 2023-04-19
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In XWiki, every user can add translations that are only applied to the current user. This also allows overriding existing translations…
- CVE-2023-29511 | CRITICAL | CVSS 9.9 | EG 9.9 | ✓ Fixed in 14.10.1 | 2023-04-16
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., its own user page), can execute arbitrary Groovy, Python or Velocity code in XWiki leading…
- CVE-2023-29514 | CRITICAL | CVSS 9.9 | EG 9.9 | ✓ Fixed in 14.10.1 | 2023-04-19
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on any document (e.g., their own user profile) can execute code with programming rights, leading to remote c…
- CVE-2023-46731 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 15.5.1 | 2023-11-06
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows a…
- CVE-2023-50722 | CRITICAL | CVSS 9.6 | EG 9.6 | ✓ Fixed in 15.7-rc-1 | 2023-12-15
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sec…
- CVE-2023-50723 | CRITICAL | CVSS 9.9 | EG 9.9 | ✓ Fixed in 15.7-rc-1 | 2023-12-15
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missi…
- CVE-2024-21650 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 15.8-rc-1 | 2024-01-08
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to ex…
- CVE-2024-55879 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 16.3.0 | 2024-12-12
XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of `XWiki.ConfigurableClass` to any page.…