Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.xwiki.platform/xwiki-platform-search-ui@14.10.20
Typemaven
Namespaceorg.xwiki.platform
Namexwiki-platform-search-ui
Version14.10.20
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version14.10.21
Latest_non_vulnerable_version15.10.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-dv6y-9uuj-67a4
vulnerability_id VCID-dv6y-9uuj-67a4
summary 
XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet
Any user with edit right on any page can execute any code on the server by adding an object of type `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation.

To reproduce on an instance, as a user without script nor programming rights, add an object of type `XWiki.SearchSuggestSourceClass` to your profile page. On this object, set every possible property to `}}}{{async}}{{groovy}}println("Hello from Groovy!"){{/groovy}}{{/async}}` (i.e., name, engine, service, query, limit and icon). Save and display the page, then append `?sheet=XWiki.SearchSuggestSourceSheet` to the URL. If any property displays as `Hello from Groovy!}}}`, then the instance is vulnerable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31465
reference_id
reference_type
scores
0
value 0.3531
scoring_system epss
scoring_elements 0.97129
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31465
1
reference_url https://github.com/xwiki/xwiki-platform
reference_id
reference_type
scores
url https://github.com/xwiki/xwiki-platform
2
reference_url https://github.com/xwiki/xwiki-platform/commit/0317a3aa78065e66c86fc725976b06bf7f9b446e
reference_id
reference_type
scores
url https://github.com/xwiki/xwiki-platform/commit/0317a3aa78065e66c86fc725976b06bf7f9b446e
3
reference_url https://github.com/xwiki/xwiki-platform/commit/2740974c32dbb7cc565546d0f04e2374b32b36f7
reference_id
reference_type
scores
url https://github.com/xwiki/xwiki-platform/commit/2740974c32dbb7cc565546d0f04e2374b32b36f7
4
reference_url https://github.com/xwiki/xwiki-platform/commit/6a7f19f6424036fce3d703413137adde950ae809
reference_id
reference_type
scores
url https://github.com/xwiki/xwiki-platform/commit/6a7f19f6424036fce3d703413137adde950ae809
5
reference_url https://github.com/xwiki/xwiki-platform/commit/6a7f19f6424036fce3d703413137adde950ae809#diff-67b473d2b6397d65b7726c6a13555850b11b10128321adf9e627e656e1d130a5
reference_id
reference_type
scores
url https://github.com/xwiki/xwiki-platform/commit/6a7f19f6424036fce3d703413137adde950ae809#diff-67b473d2b6397d65b7726c6a13555850b11b10128321adf9e627e656e1d130a5
6
reference_url https://jira.xwiki.org/browse/XWIKI-21474
reference_id
reference_type
scores
url https://jira.xwiki.org/browse/XWIKI-21474
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-31465
reference_id CVE-2024-31465
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-31465
8
reference_url https://github.com/advisories/GHSA-34fj-r5gq-7395
reference_id GHSA-34fj-r5gq-7395
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-34fj-r5gq-7395
9
reference_url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-34fj-r5gq-7395
reference_id GHSA-34fj-r5gq-7395
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-34fj-r5gq-7395
fixed_packages
0
url pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@14.10.20
purl pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@14.10.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@14.10.20
1
url pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.5.4
purl pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.5.4
2
url pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.10-rc-1
purl pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.10-rc-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.10-rc-1
aliases CVE-2024-31465, GHSA-34fj-r5gq-7395
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dv6y-9uuj-67a4
1
url VCID-j7hm-1eg7-53e2
vulnerability_id VCID-j7hm-1eg7-53e2
summary 
XWiki Platform: Remote code execution as guest via DatabaseSearch
XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and availability of the whole XWiki installation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31982
reference_id
reference_type
scores
0
value 0.94255
scoring_system epss
scoring_elements 0.99935
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31982
1
reference_url https://github.com/xwiki/xwiki-platform
reference_id
reference_type
scores
url https://github.com/xwiki/xwiki-platform
2
reference_url https://github.com/xwiki/xwiki-platform/commit/3c9e4bb04286de94ad24854026a09fa967538e31
reference_id
reference_type
scores
url https://github.com/xwiki/xwiki-platform/commit/3c9e4bb04286de94ad24854026a09fa967538e31
3
reference_url https://github.com/xwiki/xwiki-platform/commit/459e968be8740c8abc2a168196ce21e5ba93cfb8
reference_id
reference_type
scores
url https://github.com/xwiki/xwiki-platform/commit/459e968be8740c8abc2a168196ce21e5ba93cfb8
4
reference_url https://github.com/xwiki/xwiki-platform/commit/95bdd6cc6298acdf7f8f21298d40eeb8390a8565
reference_id
reference_type
scores
url https://github.com/xwiki/xwiki-platform/commit/95bdd6cc6298acdf7f8f21298d40eeb8390a8565
5
reference_url https://jira.xwiki.org/browse/XWIKI-21472
reference_id
reference_type
scores
url https://jira.xwiki.org/browse/XWIKI-21472
6
reference_url https://www.vicarius.io/vsociety/posts/xwiki-rce-cve-2024-31982
reference_id
reference_type
scores
url https://www.vicarius.io/vsociety/posts/xwiki-rce-cve-2024-31982
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-31982
reference_id CVE-2024-31982
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-31982
8
reference_url https://www.vicarius.io/vsociety/posts/cve-2024-31982-detect-xwiki-vulnerability
reference_id CVE-2024-31982-DETECT-XWIKI-VULNERABILITY
reference_type
scores
url https://www.vicarius.io/vsociety/posts/cve-2024-31982-detect-xwiki-vulnerability
9
reference_url https://www.vicarius.io/vsociety/posts/cve-2024-31982-xwiki-mitigation-vulnerability
reference_id CVE-2024-31982-XWIKI-MITIGATION-VULNERABILITY
reference_type
scores
url https://www.vicarius.io/vsociety/posts/cve-2024-31982-xwiki-mitigation-vulnerability
10
reference_url https://github.com/advisories/GHSA-2858-8cfx-69m9
reference_id GHSA-2858-8cfx-69m9
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2858-8cfx-69m9
11
reference_url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2858-8cfx-69m9
reference_id GHSA-2858-8cfx-69m9
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2858-8cfx-69m9
fixed_packages
0
url pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@14.10.20
purl pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@14.10.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@14.10.20
1
url pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.5.4
purl pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.5.4
2
url pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.10-rc-1
purl pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.10-rc-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.10-rc-1
aliases CVE-2024-31982, GHSA-2858-8cfx-69m9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j7hm-1eg7-53e2
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@14.10.20