from 0, < 12.6.3
CRITICAL 9.0 CVE-2023-45137 XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages
>= 3.1-milestone-2, < 13.4-rc-1
CRITICAL 9.0 CVE-2023-45135 XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title
>= 7.2-milestone-2, < 14.10.12
CRITICAL 9.0 XWiki Platform XSS vulnerability from account in the create page form via template provider
>= 3.1-milestone-1, < 13.4-rc-1
CRITICAL 9.0 XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template
>= 2.2.1, < 14.4.8
HIGH 8.9 Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro
>= 1.9-milestone-2, < 13.10.10
HIGH 8.9 XWiki Platform Web Parent POM vulnerable to XSS in the attachment history
>= 1.0, < 13.10.6
HIGH 8.5 XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
>= 8.0-rc-1, < 13.10.5
HIGH 7.5 XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor
>= 14.0, < 14.2
HIGH 7.5 Improper escaping in XWiki Platform
from 0, < 12.8
MEDIUM 6.5 Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm
>= 1.3-rc-1, < 13.10.11
MEDIUM 5.3 Unauthenticated user can list hidden document from multiple velocity templates in XWiki
from 0, < 12.10.11
MEDIUM 5.3 Information exposure in xwiki-platform
>= 13.5RC1, < 13.6RC1
MEDIUM 5.3 The reset password form reveal users email address
>= 13.1, < 13.2
— XWiki vulnerable to click-jacking through CSS injection in comments
>= 17.5.0, < 17.9.0