Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.xwiki.platform/xwiki-platform-rendering-async-macro@14.5
Typemaven
Namespaceorg.xwiki.platform
Namexwiki-platform-rendering-async-macro
Version14.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version14.9
Latest_non_vulnerable_version14.10.3
Affected_by_vulnerabilities
0
url VCID-gx1c-g91h-w3fs
vulnerability_id VCID-gx1c-g91h-w3fs
summary 
XWiki Platform users may execute anything with superadmin right through comments and async macro
XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode (anything dangerous is disabled), but the async macro does not take into account the restricted mode. This means that any user with comment right can use the async macro to make it execute any wiki content with the right of superadmin. This has been patched in XWiki 14.9, 14.4.6, and 13.10.10. The only known workaround consists of applying a patch and rebuilding and redeploying `org.xwiki.platform:xwiki-platform-rendering-async-macro`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26471
reference_id
reference_type
scores
0
value 0.11049
scoring_system epss
scoring_elements 0.93415
published_at 2026-04-02T12:55:00Z
1
value 0.11049
scoring_system epss
scoring_elements 0.93476
published_at 2026-04-24T12:55:00Z
2
value 0.11049
scoring_system epss
scoring_elements 0.93473
published_at 2026-04-29T12:55:00Z
3
value 0.11049
scoring_system epss
scoring_elements 0.93467
published_at 2026-04-18T12:55:00Z
4
value 0.11049
scoring_system epss
scoring_elements 0.93462
published_at 2026-04-16T12:55:00Z
5
value 0.11049
scoring_system epss
scoring_elements 0.93442
published_at 2026-04-13T12:55:00Z
6
value 0.11049
scoring_system epss
scoring_elements 0.93441
published_at 2026-04-12T12:55:00Z
7
value 0.11049
scoring_system epss
scoring_elements 0.93435
published_at 2026-04-09T12:55:00Z
8
value 0.11049
scoring_system epss
scoring_elements 0.93432
published_at 2026-04-08T12:55:00Z
9
value 0.11049
scoring_system epss
scoring_elements 0.93424
published_at 2026-04-07T12:55:00Z
10
value 0.11049
scoring_system epss
scoring_elements 0.93423
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26471
1
reference_url https://github.com/xwiki/xwiki-platform
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform
2
reference_url https://github.com/xwiki/xwiki-platform/commit/00532d9f1404287cf3ec3a05056640d809516006
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T19:53:58Z/
url https://github.com/xwiki/xwiki-platform/commit/00532d9f1404287cf3ec3a05056640d809516006
3
reference_url https://jira.xwiki.org/browse/XWIKI-20234
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T19:53:58Z/
url https://jira.xwiki.org/browse/XWIKI-20234
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26471
reference_id CVE-2023-26471
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26471
5
reference_url https://github.com/advisories/GHSA-9cqm-5wf7-wcj7
reference_id GHSA-9cqm-5wf7-wcj7
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9cqm-5wf7-wcj7
6
reference_url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9cqm-5wf7-wcj7
reference_id GHSA-9cqm-5wf7-wcj7
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T19:53:58Z/
url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9cqm-5wf7-wcj7
fixed_packages
0
url pkg:maven/org.xwiki.platform/xwiki-platform-rendering-async-macro@14.9
purl pkg:maven/org.xwiki.platform/xwiki-platform-rendering-async-macro@14.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-rendering-async-macro@14.9
aliases CVE-2023-26471, GHSA-9cqm-5wf7-wcj7
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gx1c-g91h-w3fs
1
url VCID-vqgg-gxsf-tqh1
vulnerability_id VCID-vqgg-gxsf-tqh1
summary 
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to display or interact with any page a user cannot access through the combination of the async and display macros. A comment with either macro will be executed when viewed providing a code injection vector in the context of the running server. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.3, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29526
reference_id
reference_type
scores
0
value 0.02234
scoring_system epss
scoring_elements 0.84502
published_at 2026-04-07T12:55:00Z
1
value 0.02234
scoring_system epss
scoring_elements 0.84548
published_at 2026-04-11T12:55:00Z
2
value 0.02234
scoring_system epss
scoring_elements 0.84529
published_at 2026-04-09T12:55:00Z
3
value 0.02234
scoring_system epss
scoring_elements 0.84523
published_at 2026-04-08T12:55:00Z
4
value 0.02234
scoring_system epss
scoring_elements 0.84481
published_at 2026-04-02T12:55:00Z
5
value 0.02234
scoring_system epss
scoring_elements 0.845
published_at 2026-04-04T12:55:00Z
6
value 0.02234
scoring_system epss
scoring_elements 0.84559
published_at 2026-04-18T12:55:00Z
7
value 0.02234
scoring_system epss
scoring_elements 0.84538
published_at 2026-04-13T12:55:00Z
8
value 0.02234
scoring_system epss
scoring_elements 0.84543
published_at 2026-04-12T12:55:00Z
9
value 0.1074
scoring_system epss
scoring_elements 0.93362
published_at 2026-04-26T12:55:00Z
10
value 0.1074
scoring_system epss
scoring_elements 0.93366
published_at 2026-04-24T12:55:00Z
11
value 0.1074
scoring_system epss
scoring_elements 0.93361
published_at 2026-04-21T12:55:00Z
12
value 0.22506
scoring_system epss
scoring_elements 0.95862
published_at 2026-04-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29526
1
reference_url https://github.com/xwiki/xwiki-platform
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform
2
reference_url https://jira.xwiki.org/browse/XRENDERING-694
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-05T20:45:02Z/
url https://jira.xwiki.org/browse/XRENDERING-694
3
reference_url https://jira.xwiki.org/browse/XWIKI-20394
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-05T20:45:02Z/
url https://jira.xwiki.org/browse/XWIKI-20394
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29526
reference_id CVE-2023-29526
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29526
5
reference_url https://github.com/advisories/GHSA-gpq5-7p34-vqx5
reference_id GHSA-gpq5-7p34-vqx5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gpq5-7p34-vqx5
6
reference_url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5
reference_id GHSA-gpq5-7p34-vqx5
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-05T20:45:02Z/
url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5
fixed_packages
0
url pkg:maven/org.xwiki.platform/xwiki-platform-rendering-async-macro@14.10.3
purl pkg:maven/org.xwiki.platform/xwiki-platform-rendering-async-macro@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-rendering-async-macro@14.10.3
aliases CVE-2023-29526, GHSA-gpq5-7p34-vqx5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vqgg-gxsf-tqh1
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-rendering-async-macro@14.5