VulnerableCode Package Details - pkg:maven/org.xwiki.rendering/xwiki-rendering-syntax-html@12.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.xwiki.rendering/xwiki-rendering-syntax-html@12.2

purl	pkg:maven/org.xwiki.rendering/xwiki-rendering-syntax-html@12.2

Next non-vulnerable version	14.6-rc-1
Latest non-vulnerable version	14.6-rc-1
Risk	4.5

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-cst3-k5z1-t7bm Aliases: CVE-2023-32070 GHSA-6gf5-c898-7rxp	XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. There are no known workarounds apart from upgrading to a fixed version.	14.6-rc-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T18:55:04.076631+00:00	GitLab Importer	Affected by	VCID-cst3-k5z1-t7bm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.xwiki.rendering/xwiki-rendering-syntax-html/CVE-2023-32070.yml	38.6.0