Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.5.0-rc-1

Type maven

Namespace org.xwiki.platform

Name xwiki-platform-web-templates

Version 17.5.0-rc-1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 17.8.0-rc-1

Latest_non_vulnerable_version 17.10.1

Affected_by_vulnerabilities

url VCID-nzw2-1md7-fbck

vulnerability_id VCID-nzw2-1md7-fbck

summary XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 7.0-milestone-2 through 16.10.11, 17.0.0-rc-1 through 17.4.4, and 17.5.0-rc-1 through 17.7.0 contain a reflected Cross-site Scripting (XSS) vulnerability, which allows an attacker to craft a malicious URL and execute arbitrary actions with the same privileges as the victim. If the victim has administrative or programming rights, those rights can be exploited to gain full access to the XWiki installation. This issue has been patched in versions 17.8.0-rc-1, 17.4.5 and 16.10.12. To workaround, the patch can be applied manually, only a single line in templates/logging_macros.vm needs to be changed, no restart is required.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-24128

reference_id

reference_type

scores

value	0.00073
scoring_system	epss
scoring_elements	0.22215
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-24128

reference_url

https://github.com/xwiki/xwiki-platform

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/xwiki/xwiki-platform

reference_url

https://github.com/xwiki/xwiki-platform/commit/8337ac8c3b19c37f306723b638b2cae8b0a57dbf#diff-8f16efedd19baae025db602d8736a105bfd8f72676af2c935b8195a0c356ee71

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/xwiki/xwiki-platform/commit/8337ac8c3b19c37f306723b638b2cae8b0a57dbf#diff-8f16efedd19baae025db602d8736a105bfd8f72676af2c935b8195a0c356ee71

reference_url

https://github.com/xwiki/xwiki-platform/commit/8337ac8c3b19c37f306723b638b2cae8b0a57dbf

reference_id

8337ac8c3b19c37f306723b638b2cae8b0a57dbf

reference_type

scores

value	6.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T17:12:38Z/

url

https://github.com/xwiki/xwiki-platform/commit/8337ac8c3b19c37f306723b638b2cae8b0a57dbf

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-24128

reference_id

CVE-2026-24128

reference_type

scores

value	6.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-24128

reference_url

https://github.com/advisories/GHSA-wvqx-m5px-6cmp

reference_id

GHSA-wvqx-m5px-6cmp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wvqx-m5px-6cmp

reference_url

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wvqx-m5px-6cmp

reference_id

GHSA-wvqx-m5px-6cmp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T17:12:38Z/

url

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wvqx-m5px-6cmp

reference_url

https://jira.xwiki.org/browse/XWIKI-23462

reference_id

XWIKI-23462

reference_type

scores

value	6.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T17:12:38Z/

url

https://jira.xwiki.org/browse/XWIKI-23462

reference_url

https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-16.10.12

reference_id

xwiki-platform-16.10.12

reference_type

scores

value	6.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T17:12:38Z/

url

https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-16.10.12

reference_url

https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.4.5

reference_id

xwiki-platform-17.4.5

reference_type

scores

value	6.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T17:12:38Z/

url

https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.4.5

reference_url

https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.8.0-rc-1

reference_id

xwiki-platform-17.8.0-rc-1

reference_type

scores

value	6.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T17:12:38Z/

url

https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.8.0-rc-1

fixed_packages

url	pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.8.0-rc-1
purl	pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.8.0-rc-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.8.0-rc-1

aliases CVE-2026-24128, GHSA-wvqx-m5px-6cmp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nzw2-1md7-fbck

url VCID-vra7-eugy-qqgd

vulnerability_id VCID-vra7-eugy-qqgd

summary XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 10.4-rc-1, through 16.10.15, 17.0.0-rc-1, through 17.4.7 and 17.5.0-rc-1 through 17.10.0 contain a reflected cross-site scripting vulnerability (XSS) in the comparison view between revisions of a page allows executing JavaScript code in the user's browser. If the current user is an admin, this can not only affect the current user but also the confidentiality, integrity and availability of the whole XWiki instance. If developers are unable to update immediately, they can apply the patch manually to templates/changesdoc.vm in the deployed WAR.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-40105

reference_id

reference_type

scores

value	0.00998
scoring_system	epss
scoring_elements	0.77401
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-40105

reference_url

https://github.com/xwiki/xwiki-platform

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/xwiki/xwiki-platform

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-40105

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-40105

reference_url

https://github.com/xwiki/xwiki-platform/commit/3c8a2ec985641367015c2db937574fcd360c788c

reference_id

3c8a2ec985641367015c2db937574fcd360c788c

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T14:02:32Z/

url

https://github.com/xwiki/xwiki-platform/commit/3c8a2ec985641367015c2db937574fcd360c788c

reference_url

https://github.com/advisories/GHSA-w4fj-87j5-f25c

reference_id

GHSA-w4fj-87j5-f25c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w4fj-87j5-f25c

reference_url

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-w4fj-87j5-f25c

reference_id

GHSA-w4fj-87j5-f25c

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T14:02:32Z/

url

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-w4fj-87j5-f25c

reference_url

https://jira.xwiki.org/browse/XWIKI-23472

reference_id

XWIKI-23472

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T14:02:32Z/

url

https://jira.xwiki.org/browse/XWIKI-23472

fixed_packages

url	pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.10.1
purl	pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.10.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.10.1

aliases CVE-2026-40105, GHSA-w4fj-87j5-f25c

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vra7-eugy-qqgd

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.5.0-rc-1

Package Instance