| purl | pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@14.4.1 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-ka4y-na7f-5kcc Aliases: CVE-2023-29507, GHSA-pwfv-3cvg-9m4c | org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors. The Document script API directly returns a DocumentAuthors object, which allows setting any author on the document. In consequence, this can allow subsequent executions of scripts, since this author is used for checking rights. Example of such an attack: `{{velocity}} $doc.setContent('{{velocity}}$xcontext.context.authorReference{{/velocity}}') $doc.authors.setContentAuthor('xwiki:XWiki.superadmin') $doc.getRenderedContent() {{/velocity}}` | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-02T16:59:18.727576+00:00 | GHSA Importer | Affected by | VCID-ka4y-na7f-5kcc | https://github.com/advisories/GHSA-pwfv-3cvg-9m4c | 38.1.0 |