Search for packages
| purl | pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@14.10.9 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3ksc-nvrc-6ub3 | Cross-Site Request Forgery (CSRF) XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message `ERROR foo - Script executed!` appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation. |
CVE-2023-40572
GHSA-4f8m-7h83-9f6m |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-02T17:00:08.228954+00:00 | GHSA Importer | Fixing | VCID-3ksc-nvrc-6ub3 | https://github.com/advisories/GHSA-4f8m-7h83-9f6m | 38.1.0 |
| 2026-04-01T12:58:30.040487+00:00 | GithubOSV Importer | Fixing | VCID-3ksc-nvrc-6ub3 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-4f8m-7h83-9f6m/GHSA-4f8m-7h83-9f6m.json | 38.0.0 |
| 2026-04-01T12:51:43.740906+00:00 | GitLab Importer | Fixing | VCID-3ksc-nvrc-6ub3 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.xwiki.platform/xwiki-platform-oldcore/CVE-2023-40572.yml | 38.0.0 |