Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.1-rc-1

Type maven

Namespace org.xwiki.platform

Name xwiki-platform-oldcore

Version 15.1-rc-1

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 15.2-rc-1

Latest_non_vulnerable_version 17.10.1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-k3dm-pjf6-p3b8

vulnerability_id VCID-k3dm-pjf6-p3b8

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to perform an XSS by forging a request to a delete attachment action with a specific attachment name. Now this XSS can be exploited only if the attacker knows the CSRF token of the user, or if the user ignores the warning about the missing CSRF token. The vulnerability has been patched in XWiki 15.1-rc-1 and XWiki 14.10.6.

references

reference_url

https://github.com/xwiki/xwiki-platform

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/xwiki/xwiki-platform

reference_url

https://github.com/xwiki/xwiki-platform/commit/35e9073ffec567861e0abeea072bd97921a3decf

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/xwiki/xwiki-platform/commit/35e9073ffec567861e0abeea072bd97921a3decf

reference_url

https://jira.xwiki.org/browse/XWIKI-20339

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://jira.xwiki.org/browse/XWIKI-20339

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-35157

reference_id

CVE-2023-35157

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-35157

reference_url	https://github.com/advisories/GHSA-phwm-87rg-27qq
reference_id	GHSA-phwm-87rg-27qq
reference_type
scores
url	https://github.com/advisories/GHSA-phwm-87rg-27qq

reference_url

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-phwm-87rg-27qq

reference_id

GHSA-phwm-87rg-27qq

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-phwm-87rg-27qq

fixed_packages

url	pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@14.10.6
purl	pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@14.10.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@14.10.6

url	pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.1-rc-1
purl	pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.1-rc-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.1-rc-1

aliases CVE-2023-35157, GHSA-phwm-87rg-27qq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k3dm-pjf6-p3b8

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@15.1-rc-1

Package Instance