Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/45233?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/45233?format=api", "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@13.0", "type": "maven", "namespace": "org.xwiki.platform", "name": "xwiki-platform-oldcore", "version": "13.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "13.2-rc-1", "latest_non_vulnerable_version": "17.10.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12617?format=api", "vulnerability_id": "VCID-6xht-gkrh-v7fg", "summary": "Missing Authorization\nXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit right can copy the content of a page it does not have access to by using it as template of a new page. This issue has been patched in XWiki 13.2CR1 and 12.10.6. Users are advised to update. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20536", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20323", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20594", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20373", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20375", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20374", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20385", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20441", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20486", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20462", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20404", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23617" }, { "reference_url": "https://github.com/xwiki/xwiki-platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/xwiki/xwiki-platform" }, { "reference_url": "https://github.com/xwiki/xwiki-platform/commit/30c52b01559b8ef5ed1035dac7c34aaf805764d5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/xwiki/xwiki-platform/commit/30c52b01559b8ef5ed1035dac7c34aaf805764d5" }, { "reference_url": "https://github.com/xwiki/xwiki-platform/commit/b35ef0edd4f2ff2c974cbeef6b80fcf9b5a44554", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/xwiki/xwiki-platform/commit/b35ef0edd4f2ff2c974cbeef6b80fcf9b5a44554" }, { "reference_url": "https://jira.xwiki.org/browse/XWIKI-18430", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jira.xwiki.org/browse/XWIKI-18430" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23617", "reference_id": "CVE-2022-23617", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23617" }, { "reference_url": "https://github.com/advisories/GHSA-gf7x-2j2x-7f73", "reference_id": "GHSA-gf7x-2j2x-7f73", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gf7x-2j2x-7f73" }, { "reference_url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gf7x-2j2x-7f73", "reference_id": "GHSA-gf7x-2j2x-7f73", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gf7x-2j2x-7f73" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45237?format=api", "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@13.2-rc-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@13.2-rc-1" } ], "aliases": [ "CVE-2022-23617", "GHSA-gf7x-2j2x-7f73" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6xht-gkrh-v7fg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12788?format=api", "vulnerability_id": "VCID-yxrz-ypx2-q7hh", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nXWiki is a generic wiki platform offering runtime services for applications built on top of it. When using default XWiki configuration, it's possible for an attacker to upload an SVG containing a script executed when executing the download action on the file. This problem has been patched so that the default configuration does not allow to display the SVG files in the browser. Users are advised to update or to disallow uploads of SVG files.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43841", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64302", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.6436", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64369", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64357", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64322", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64351", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64362", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64245", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.6435", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64335", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64287", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.6433", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43841" }, { "reference_url": "https://github.com/xwiki/xwiki-platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/xwiki/xwiki-platform" }, { "reference_url": "https://github.com/xwiki/xwiki-platform/commit/5853d492b3a274db0d94d560e2a5ea988a271c62", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:33Z/" } ], "url": "https://github.com/xwiki/xwiki-platform/commit/5853d492b3a274db0d94d560e2a5ea988a271c62" }, { "reference_url": "https://jira.xwiki.org/browse/XWIKI-18368", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:33Z/" } ], "url": "https://jira.xwiki.org/browse/XWIKI-18368" }, { "reference_url": "https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Attachments#HAttachmentdisplayordownload", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:33Z/" } ], "url": "https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Attachments#HAttachmentdisplayordownload" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43841", "reference_id": "CVE-2021-43841", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43841" }, { "reference_url": "https://github.com/advisories/GHSA-9jq9-c2cv-pcrj", "reference_id": "GHSA-9jq9-c2cv-pcrj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9jq9-c2cv-pcrj" }, { "reference_url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9jq9-c2cv-pcrj", "reference_id": "GHSA-9jq9-c2cv-pcrj", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:33Z/" } ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9jq9-c2cv-pcrj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45211?format=api", "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@13.3RC1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@13.3RC1" } ], "aliases": [ "CVE-2021-43841", "GHSA-9jq9-c2cv-pcrj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yxrz-ypx2-q7hh" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12702?format=api", "vulnerability_id": "VCID-q5t9-725x-dkb1", "summary": "Partial authorization bypass on document save in xwiki-platform\nXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the current user which allow accessing API requiring programming right if the current user has programming right. This has been patched in XWiki 13.0. Users are advised to update to resolve this issue. The only known workaround is to limit SCRIPT access.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23615", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14719", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14577", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14512", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14506", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14615", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1467", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14707", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14747", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14688", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14599", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14793", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23615" }, { "reference_url": "https://github.com/xwiki/xwiki-platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/xwiki/xwiki-platform" }, { "reference_url": "https://github.com/xwiki/xwiki-platform/commit/7ab0fe7b96809c7a3881454147598d46a1c9bbbe", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/xwiki/xwiki-platform/commit/7ab0fe7b96809c7a3881454147598d46a1c9bbbe" }, { "reference_url": "https://jira.xwiki.org/browse/XWIKI-5024", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jira.xwiki.org/browse/XWIKI-5024" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23615", "reference_id": "CVE-2022-23615", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23615" }, { "reference_url": "https://github.com/advisories/GHSA-f4cj-3q3h-884r", "reference_id": "GHSA-f4cj-3q3h-884r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f4cj-3q3h-884r" }, { "reference_url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4cj-3q3h-884r", "reference_id": "GHSA-f4cj-3q3h-884r", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4cj-3q3h-884r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45233?format=api", "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@13.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6xht-gkrh-v7fg" }, { "vulnerability": "VCID-yxrz-ypx2-q7hh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@13.0" } ], "aliases": [ "CVE-2022-23615", "GHSA-f4cj-3q3h-884r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q5t9-725x-dkb1" } ], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@13.0" }