pkg:Maven/org.xwiki.platform:xwiki-platform-legacy-oldcore

All known vulnerabilities

• CRITICAL9.9CVE-2023-26474XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author
  >= 13.10, < 13.10.11
• HIGH8.2CVE-2026-40104XWiki's REST APIs can list all pages/spaces, leading to unavailability
  >= 1.8-rc-1, < 16.10.16
• —CVE-2026-33229XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API
  >= 17.0.0-rc-1, < 17.4.8
• —XWiki exposes passwords and emails stored in fields not named password/email in xml.vm
  >= 1.1, < 16.4.7
• —XWiki leaks password hashes and other accessible password properties
  >= 9.8-rc-1, < 16.4.7