CRITICAL 9.9 CVE-2023-29512 xwiki-platform-web-templates vulnerable to Eval Injection
>= 1.0B1, < 13.10.11
CRITICAL 9.6 CVE-2023-45136 XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled
>= 12.0-rc-1, < 14.10.12
CRITICAL 9.6 XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
>= 2.5-milestone-2, < 14.10.5
CRITICAL 9.6 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template
>= 3.4-milestone-1, < 14.10.5
CRITICAL 9.0 In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
from 0, < 15.10-rc-1
CRITICAL 9.0 XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution
>= 11.8-rc-1, < 15.10.8
CRITICAL 9.0 XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages
from 0, < 14.10.12
CRITICAL 9.0 XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title
from 0, < 14.10.12
CRITICAL 9.0 XWiki Platform XSS vulnerability from account in the create page form via template provider
from 0, < 14.10.12
CRITICAL 9.0 XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template
from 0, < 14.4.8
HIGH 8.9 Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro
>= 1.9-milestone-2, < 13.10.10
HIGH 8.5 XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
from 0, < 13.10.5
HIGH 7.5 XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor
>= 1.3, < 13.10.4
HIGH 7.4 Cross site scripting in registration template in xwiki-platform
>= 2.6.1, < 12.10.11
MEDIUM 6.1 XWiki has Reflected Cross-Site Scripting (XSS) in page history compare
>= 10.4-rc-1, < 16.10.16
MEDIUM 5.4 XWiki Platform Stored Cross-site Scripting in the user profile via the timezone displayer
>= 4.1-milestone-2, < 14.10.5
MEDIUM 5.3 Unauthenticated user can retrieve the list of users through uorgsuggest.vm
from 0, < 12.10.11
MEDIUM 5.0 xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro
>= 8.0-rc-1, < 14.10.1
MEDIUM 4.3 XWiki Cross-Site Request Forgery (CSRF) for actions on tags
>= 2.0-milestone-1, < 13.10.5
LOW 3.7 Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm
>= 13.9-rc-1, < 13.10.8
— XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages
>= 7.0-milestone-2, < 16.10.12
— XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication
>= 6.2-milestone-1, < 16.10.10
— XWiki allows Reflected XSS in two templates
>= 4.2-milestone-3, < 16.4.8