Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.xwiki.platform/xwiki-platform-livedata-macro@14.9
Type maven
Namespace org.xwiki.platform
Name xwiki-platform-livedata-macro
Version 14.9
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 14.10
Latest_non_vulnerable_version 14.10
Affected_by_vulnerabilities
0
url VCID-cawb-zpmc-b3dp
vulnerability_id VCID-cawb-zpmc-b3dp
summary
org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting
A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights.

For instance, a user can do this by adding the Live Data macro below to the About section of the profile of a user created by an admin.

```javascript
{{liveData id="movies" properties="title,description"}}
{
  "data": {
    "count": 1,
    "entries": [
      {
        "title": "Meet John Doe",
        "url": "https://www.imdb.com/title/tt0033891/",
        "description": "<img onerror='alert(1)' src='foo' />"
      }
    ]
  },
  "meta": {
    "propertyDescriptors": [
      {
        "id": "title",
        "name": "Title",
        "visible": true,
        "displayer": {"id": "link", "propertyHref": "url"}
      },
      {
        "id": "description",
        "name": "Description",
        "visible": true,
        "displayer": "html"
      }
    ]
  }
}
{{/liveData}}
```
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29508
reference_id
reference_type
scores
0
value 0.04439
scoring_system epss
scoring_elements 0.89255
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29508
1
reference_url https://github.com/xwiki/xwiki-platform
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform
2
reference_url https://jira.xwiki.org/browse/XWIKI-20312
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T16:14:20Z/
url https://jira.xwiki.org/browse/XWIKI-20312
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29508
reference_id CVE-2023-29508
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29508
4
reference_url https://github.com/advisories/GHSA-hmm7-6ph9-8jf2
reference_id GHSA-hmm7-6ph9-8jf2
reference_type
scores
url https://github.com/advisories/GHSA-hmm7-6ph9-8jf2
5
reference_url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hmm7-6ph9-8jf2
reference_id GHSA-hmm7-6ph9-8jf2
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T16:14:20Z/
url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hmm7-6ph9-8jf2
fixed_packages
0
url pkg:maven/org.xwiki.platform/xwiki-platform-livedata-macro@14.10
purl pkg:maven/org.xwiki.platform/xwiki-platform-livedata-macro@14.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-livedata-macro@14.10
aliases CVE-2023-29508, GHSA-hmm7-6ph9-8jf2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cawb-zpmc-b3dp
Fixing_vulnerabilities
0
url VCID-16tw-rke6-7bdp
vulnerability_id VCID-16tw-rke6-7bdp
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26480
reference_id
reference_type
scores
0
value 0.08554
scoring_system epss
scoring_elements 0.92542
published_at 2026-06-04T12:55:00Z
1
value 0.08554
scoring_system epss
scoring_elements 0.92555
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26480
1
reference_url https://github.com/xwiki/xwiki-platform
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform
2
reference_url https://github.com/xwiki/xwiki-platform/commit/23d5ea9b23e84b5f3d1f1b2d5673fe8c774d0d79
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T20:50:09Z/
url https://github.com/xwiki/xwiki-platform/commit/23d5ea9b23e84b5f3d1f1b2d5673fe8c774d0d79
3
reference_url https://github.com/xwiki/xwiki-platform/commit/556e7823260b826f344c1a6e95d935774587e028
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T20:50:09Z/
url https://github.com/xwiki/xwiki-platform/commit/556e7823260b826f344c1a6e95d935774587e028
4
reference_url https://jira.xwiki.org/browse/XWIKI-20143
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T20:50:09Z/
url https://jira.xwiki.org/browse/XWIKI-20143
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26480
reference_id CVE-2023-26480
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26480
6
reference_url https://github.com/advisories/GHSA-32fq-m2q5-h83g
reference_id GHSA-32fq-m2q5-h83g
reference_type
scores
url https://github.com/advisories/GHSA-32fq-m2q5-h83g
7
reference_url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-32fq-m2q5-h83g
reference_id GHSA-32fq-m2q5-h83g
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T20:50:09Z/
url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-32fq-m2q5-h83g
fixed_packages
0
url pkg:maven/org.xwiki.platform/xwiki-platform-livedata-macro@13.10.10
purl pkg:maven/org.xwiki.platform/xwiki-platform-livedata-macro@13.10.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cawb-zpmc-b3dp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-livedata-macro@13.10.10
1
url pkg:maven/org.xwiki.platform/xwiki-platform-livedata-macro@14.4.7
purl pkg:maven/org.xwiki.platform/xwiki-platform-livedata-macro@14.4.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-livedata-macro@14.4.7
2
url pkg:maven/org.xwiki.platform/xwiki-platform-livedata-macro@14.9
purl pkg:maven/org.xwiki.platform/xwiki-platform-livedata-macro@14.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cawb-zpmc-b3dp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-livedata-macro@14.9
aliases CVE-2023-26480, GHSA-32fq-m2q5-h83g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-16tw-rke6-7bdp
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-livedata-macro@14.9