Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.10.6
Typemaven
Namespaceorg.xwiki.platform
Namexwiki-platform-oldcore
Version15.10.6
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version15.10.16
Latest_non_vulnerable_version17.10.1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4mj5-repk-zyg2
vulnerability_id VCID-4mj5-repk-zyg2
summary 
XWiki Platform vulnerable to document deletion and overwrite from edit
### Impact

When a user has edit but not view right on a page in XWiki, that user can delete the page and replace it by a page with new content without having delete right. The previous version of the page is moved into the recycle bin and can be restored from there by an admin. As the user is recorded as deleter, the user would in theory also be able to view the deleted content, but this is not directly possible as rights of the previous version are transferred to the new page and thus the user still doesn't have view right on the page. From all we examined, it therefore doesn't seem to be possible to exploit this to gain any rights.

To reproduce, just replace `view` by `edit` in the URL of a page that you cannot view but edit and save. This should send the page to the recycle bin and replace it by an empty one if the XWiki installation is vulnerable. After the fix, an error is displayed when saving.

### Patches
This has been patched in XWiki 14.10.21, 15.5.5 and 15.10.6 by cancelling save operations by users when a new document shall be saved despite the document's existing already.

### Workarounds
We're not aware of any workarounds.

### References
* https://jira.xwiki.org/browse/XWIKI-21553
* https://github.com/xwiki/xwiki-platform/commit/c5efc1e519e710afdf3c5f40c0fcc300ad77149f
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37898
reference_id
reference_type
scores
0
value 0.00174
scoring_system epss
scoring_elements 0.38828
published_at 2026-04-08T12:55:00Z
1
value 0.00174
scoring_system epss
scoring_elements 0.3873
published_at 2026-04-21T12:55:00Z
2
value 0.00174
scoring_system epss
scoring_elements 0.3881
published_at 2026-04-18T12:55:00Z
3
value 0.00174
scoring_system epss
scoring_elements 0.38832
published_at 2026-04-16T12:55:00Z
4
value 0.00174
scoring_system epss
scoring_elements 0.38787
published_at 2026-04-13T12:55:00Z
5
value 0.00174
scoring_system epss
scoring_elements 0.38815
published_at 2026-04-12T12:55:00Z
6
value 0.00174
scoring_system epss
scoring_elements 0.38851
published_at 2026-04-11T12:55:00Z
7
value 0.00174
scoring_system epss
scoring_elements 0.38839
published_at 2026-04-09T12:55:00Z
8
value 0.00174
scoring_system epss
scoring_elements 0.38776
published_at 2026-04-07T12:55:00Z
9
value 0.00174
scoring_system epss
scoring_elements 0.38827
published_at 2026-04-02T12:55:00Z
10
value 0.00174
scoring_system epss
scoring_elements 0.38847
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37898
1
reference_url https://github.com/xwiki/xwiki-platform
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform
2
reference_url https://github.com/xwiki/xwiki-platform/commit/0bc27d6ec63c8a505ff950e2d1792cb4f773c22e
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T17:33:15Z/
url https://github.com/xwiki/xwiki-platform/commit/0bc27d6ec63c8a505ff950e2d1792cb4f773c22e
3
reference_url https://github.com/xwiki/xwiki-platform/commit/56f5d8aab7371d5ba891168f73890806551322c5
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T17:33:15Z/
url https://github.com/xwiki/xwiki-platform/commit/56f5d8aab7371d5ba891168f73890806551322c5
4
reference_url https://github.com/xwiki/xwiki-platform/commit/c5efc1e519e710afdf3c5f40c0fcc300ad77149f
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T17:33:15Z/
url https://github.com/xwiki/xwiki-platform/commit/c5efc1e519e710afdf3c5f40c0fcc300ad77149f
5
reference_url https://github.com/xwiki/xwiki-platform/commit/e4968fe268e5644ffd9bfa4ef6257d2796446009
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T17:33:15Z/
url https://github.com/xwiki/xwiki-platform/commit/e4968fe268e5644ffd9bfa4ef6257d2796446009
6
reference_url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-33gp-gmg3-hfpq
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T17:33:15Z/
url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-33gp-gmg3-hfpq
7
reference_url https://jira.xwiki.org/browse/XWIKI-21553
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T17:33:15Z/
url https://jira.xwiki.org/browse/XWIKI-21553
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37898
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37898
9
reference_url https://github.com/advisories/GHSA-33gp-gmg3-hfpq
reference_id GHSA-33gp-gmg3-hfpq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-33gp-gmg3-hfpq
fixed_packages
0
url pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@14.10.21
purl pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@14.10.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@14.10.21
1
url pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.5.5
purl pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.5.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.5.5
2
url pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.10.6
purl pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.10.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.10.6
aliases CVE-2024-37898, GHSA-33gp-gmg3-hfpq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4mj5-repk-zyg2
1
url VCID-q2b9-583a-9yd9
vulnerability_id VCID-q2b9-583a-9yd9
summary 
XWiki Platform allows remote code execution from user account
### Impact
When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable the user account.

To reproduce, as a user without script nor programming rights, edit the about section of your user profile and add `{{groovy}}services.logging.getLogger("attacker").error("Hello from Groovy!"){{/groovy}}`.
As an admin, go to the user profile and click the "Disable this account" button.
Then, reload the page. If the logs show `attacker - Hello from Groovy!` then the instance is vulnerable.

### Patches
This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0.

### Workarounds
We're not aware of any workaround except upgrading.

### References
* https://jira.xwiki.org/browse/XWIKI-21611
* https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37899
reference_id
reference_type
scores
0
value 0.14126
scoring_system epss
scoring_elements 0.94333
published_at 2026-04-02T12:55:00Z
1
value 0.14126
scoring_system epss
scoring_elements 0.94344
published_at 2026-04-07T12:55:00Z
2
value 0.14126
scoring_system epss
scoring_elements 0.94343
published_at 2026-04-04T12:55:00Z
3
value 0.14126
scoring_system epss
scoring_elements 0.94386
published_at 2026-04-21T12:55:00Z
4
value 0.14126
scoring_system epss
scoring_elements 0.94384
published_at 2026-04-18T12:55:00Z
5
value 0.14126
scoring_system epss
scoring_elements 0.94378
published_at 2026-04-16T12:55:00Z
6
value 0.14126
scoring_system epss
scoring_elements 0.94363
published_at 2026-04-13T12:55:00Z
7
value 0.14126
scoring_system epss
scoring_elements 0.94362
published_at 2026-04-12T12:55:00Z
8
value 0.14126
scoring_system epss
scoring_elements 0.94361
published_at 2026-04-11T12:55:00Z
9
value 0.14126
scoring_system epss
scoring_elements 0.94358
published_at 2026-04-09T12:55:00Z
10
value 0.14126
scoring_system epss
scoring_elements 0.94353
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37899
1
reference_url https://github.com/xwiki/xwiki-platform
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform
2
reference_url https://github.com/xwiki/xwiki-platform/commit/046c36519a2df392c922c16d0d38472b98c414d0
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform/commit/046c36519a2df392c922c16d0d38472b98c414d0
3
reference_url https://github.com/xwiki/xwiki-platform/commit/233b08b26580df4b7a595882dac65ed4e4a2419c
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform/commit/233b08b26580df4b7a595882dac65ed4e4a2419c
4
reference_url https://github.com/xwiki/xwiki-platform/commit/2b55c29562ccd20f8f0f85075f0c95b4ee9cd9be
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform/commit/2b55c29562ccd20f8f0f85075f0c95b4ee9cd9be
5
reference_url https://github.com/xwiki/xwiki-platform/commit/f8409419c5d0ddefe1bee55e73629a54275fa735
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform/commit/f8409419c5d0ddefe1bee55e73629a54275fa735
6
reference_url https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-27T18:36:25Z/
url https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a
7
reference_url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-27T18:36:25Z/
url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93
8
reference_url https://jira.xwiki.org/browse/XWIKI-21611
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-27T18:36:25Z/
url https://jira.xwiki.org/browse/XWIKI-21611
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37899
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37899
10
reference_url https://github.com/advisories/GHSA-j584-j2vj-3f93
reference_id GHSA-j584-j2vj-3f93
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j584-j2vj-3f93
fixed_packages
0
url pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@14.10.21
purl pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@14.10.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@14.10.21
1
url pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.5.5
purl pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.5.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.5.5
2
url pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.10.6
purl pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.10.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.10.6
3
url pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@16.0.0
purl pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@16.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@16.0.0
aliases CVE-2024-37899, GHSA-j584-j2vj-3f93
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q2b9-583a-9yd9
2
url VCID-zv2f-hpz1-ruba
vulnerability_id VCID-zv2f-hpz1-ruba
summary 
XWiki Platform allows XSS through XClass name in string properties
### Impact
Is it possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript.
This requires social engineer to trick a user to follow the URL.

#### Reproduction steps

1. As a user without script or programming right, create a (non-terminal) document named `" + alert(1) + "` (the quotes need to be part of the name).
1. Edit the class.
1. Add a string property named `"test"`.
1. Edit using the object editor and add an object of the created class
1. Get an admin to open `<xwiki-server>/xwiki/bin/view/%22%20%2B%20alert(1)%20%2B%20%22/?viewer=display&type=object&property=%22%20%2B%20alert(1)%20%2B%20%22.WebHome.test&mode=edit` where `<xwiki-server>` is the URL of your XWiki installation.

### Patches
This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0.

### Workarounds

We're not aware of any workaround except upgrading.

### References
- https://jira.xwiki.org/browse/XWIKI-21810
- https://github.com/xwiki/xwiki-platform/commit/27eca8423fc1ad177518077a733076821268509c
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43400
reference_id
reference_type
scores
0
value 0.05688
scoring_system epss
scoring_elements 0.90363
published_at 2026-04-02T12:55:00Z
1
value 0.05688
scoring_system epss
scoring_elements 0.90414
published_at 2026-04-21T12:55:00Z
2
value 0.05688
scoring_system epss
scoring_elements 0.90416
published_at 2026-04-18T12:55:00Z
3
value 0.05688
scoring_system epss
scoring_elements 0.90417
published_at 2026-04-16T12:55:00Z
4
value 0.05688
scoring_system epss
scoring_elements 0.90407
published_at 2026-04-12T12:55:00Z
5
value 0.05688
scoring_system epss
scoring_elements 0.904
published_at 2026-04-13T12:55:00Z
6
value 0.05688
scoring_system epss
scoring_elements 0.90393
published_at 2026-04-08T12:55:00Z
7
value 0.05688
scoring_system epss
scoring_elements 0.90379
published_at 2026-04-07T12:55:00Z
8
value 0.05688
scoring_system epss
scoring_elements 0.90375
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43400
1
reference_url https://github.com/xwiki/xwiki-platform
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform
2
reference_url https://github.com/xwiki/xwiki-platform/commit/27eca8423fc1ad177518077a733076821268509c
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-19T17:17:50Z/
url https://github.com/xwiki/xwiki-platform/commit/27eca8423fc1ad177518077a733076821268509c
3
reference_url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wcg9-pgqv-xm5v
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
4
value CRITICAL
scoring_system generic_textual
scoring_elements
5
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-19T17:17:50Z/
url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wcg9-pgqv-xm5v
4
reference_url https://jira.xwiki.org/browse/XWIKI-21810
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-19T17:17:50Z/
url https://jira.xwiki.org/browse/XWIKI-21810
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-43400
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-43400
6
reference_url https://github.com/advisories/GHSA-wcg9-pgqv-xm5v
reference_id GHSA-wcg9-pgqv-xm5v
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wcg9-pgqv-xm5v
fixed_packages
0
url pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@14.10.21
purl pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@14.10.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@14.10.21
1
url pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.5.5
purl pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.5.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.5.5
2
url pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.10.6
purl pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.10.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.10.6
3
url pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@16.0.0
purl pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@16.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@16.0.0
aliases CVE-2024-43400, GHSA-wcg9-pgqv-xm5v
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zv2f-hpz1-ruba
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.10.6