Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@8.3-milestone-2

Type maven

Namespace org.xwiki.commons

Name xwiki-commons-xml

Version 8.3-milestone-2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 14.10.6

Latest_non_vulnerable_version 15.2-rc-1

Affected_by_vulnerabilities

url VCID-4p5x-b28m-sudw

vulnerability_id VCID-4p5x-b28m-sudw

summary Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24898

reference_id

reference_type

scores

value	0.00127
scoring_system	epss
scoring_elements	0.31675
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24898

reference_url

https://github.com/xwiki/xwiki-commons

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/xwiki/xwiki-commons

reference_url

https://github.com/xwiki/xwiki-commons/commit/947e8921ebd95462d5a7928f397dd1b64f77c7d5

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/xwiki/xwiki-commons/commit/947e8921ebd95462d5a7928f397dd1b64f77c7d5

reference_url

https://jira.xwiki.org/browse/XWIKI-18946

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jira.xwiki.org/browse/XWIKI-18946

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-24898

reference_id

CVE-2022-24898

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-24898

reference_url

https://github.com/advisories/GHSA-m2r5-4w96-qxg5

reference_id

GHSA-m2r5-4w96-qxg5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m2r5-4w96-qxg5

reference_url

https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-m2r5-4w96-qxg5

reference_id

GHSA-m2r5-4w96-qxg5

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-m2r5-4w96-qxg5

fixed_packages

url pkg:maven/org.xwiki.commons/xwiki-commons-xml@12.10.10

purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@12.10.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-73wr-fegr-uqbu

vulnerability	VCID-ed5r-2w4n-wqg6

vulnerability	VCID-gd1j-1vts-3kc5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@12.10.10

url pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.4.4

purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-73wr-fegr-uqbu

vulnerability	VCID-ed5r-2w4n-wqg6

vulnerability	VCID-gd1j-1vts-3kc5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.4.4

url pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.8-rc-1

purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.8-rc-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-73wr-fegr-uqbu

vulnerability	VCID-ed5r-2w4n-wqg6

vulnerability	VCID-gd1j-1vts-3kc5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.8-rc-1

aliases CVE-2022-24898, GHSA-m2r5-4w96-qxg5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4p5x-b28m-sudw

url VCID-73wr-fegr-uqbu

vulnerability_id VCID-73wr-fegr-uqbu

summary XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid HTML comments. As a consequence, any code relying on this "restricted" mode for security is vulnerable to JavaScript injection ("cross-site scripting"/XSS). When a privileged user with programming rights visits such a comment in XWiki, the malicious JavaScript code is executed in the context of the user session. This allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. This problem has been patched in XWiki 14.10, HTML comments are now removed in restricted mode and a check has been introduced that ensures that comments don't start with `>`. There are no known workarounds apart from upgrading to a version including the fix.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-29528

reference_id

reference_type

scores

value	0.03165
scoring_system	epss
scoring_elements	0.87216
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-29528

reference_url

https://github.com/xwiki/xwiki-commons

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/xwiki/xwiki-commons

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-29528

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-29528

reference_url

https://github.com/xwiki/xwiki-commons/commit/8ff1a9d7e5d7b45b690134a537d53dc05cae04ab

reference_id

8ff1a9d7e5d7b45b690134a537d53dc05cae04ab

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-04T21:35:34Z/

url

https://github.com/xwiki/xwiki-commons/commit/8ff1a9d7e5d7b45b690134a537d53dc05cae04ab

reference_url

https://github.com/advisories/GHSA-x37v-36wv-6v6h

reference_id

GHSA-x37v-36wv-6v6h

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x37v-36wv-6v6h

reference_url

https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-x37v-36wv-6v6h

reference_id

GHSA-x37v-36wv-6v6h

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-04T21:35:34Z/

url

https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-x37v-36wv-6v6h

reference_url

https://jira.xwiki.org/browse/XCOMMONS-2568

reference_id

XCOMMONS-2568

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-04T21:35:34Z/

url

https://jira.xwiki.org/browse/XCOMMONS-2568

reference_url

https://jira.xwiki.org/browse/XWIKI-20348

reference_id

XWIKI-20348

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-04T21:35:34Z/

url

https://jira.xwiki.org/browse/XWIKI-20348

fixed_packages

url pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.10

purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8xe7-bku2-73bm

vulnerability	VCID-tcpd-mf43-uyca

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.10

aliases CVE-2023-29528, GHSA-x37v-36wv-6v6h

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-73wr-fegr-uqbu

url VCID-ed5r-2w4n-wqg6

vulnerability_id VCID-ed5r-2w4n-wqg6

summary XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped `<script>` and `<style>`-tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like `<iframe>`. As a consequence, any code relying on this "restricted" mode for security is vulnerable to JavaScript injection ("cross-site scripting"/XSS). When a privileged user with programming rights visits such a comment in XWiki, the malicious JavaScript code is executed in the context of the user session. This allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. This problem has been patched in XWiki 14.6 RC1 with the introduction of a filter with allowed HTML elements and attributes that is enabled in restricted mode. There are no known workarounds apart from upgrading to a version including the fix.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-29201

reference_id

reference_type

scores

value	0.09347
scoring_system	epss
scoring_elements	0.92949
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-29201

reference_url

https://github.com/xwiki/xwiki-commons

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/xwiki/xwiki-commons

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-29201

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-29201

reference_url

https://github.com/xwiki/xwiki-commons/commit/4a185e0594d90cd4916d60aa60bb4333dc5623b2

reference_id

4a185e0594d90cd4916d60aa60bb4333dc5623b2

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T19:58:27Z/

url

https://github.com/xwiki/xwiki-commons/commit/4a185e0594d90cd4916d60aa60bb4333dc5623b2

reference_url

https://github.com/xwiki/xwiki-commons/commit/b11eae9d82cb53f32962056b5faa73f3720c6182

reference_id

b11eae9d82cb53f32962056b5faa73f3720c6182

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T19:58:27Z/

url

https://github.com/xwiki/xwiki-commons/commit/b11eae9d82cb53f32962056b5faa73f3720c6182

reference_url

https://github.com/advisories/GHSA-m3jr-cvhj-f35j

reference_id

GHSA-m3jr-cvhj-f35j

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m3jr-cvhj-f35j

reference_url

https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-m3jr-cvhj-f35j

reference_id

GHSA-m3jr-cvhj-f35j

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T19:58:27Z/

url

https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-m3jr-cvhj-f35j

reference_url

https://jira.xwiki.org/browse/XCOMMONS-1680

reference_id

XCOMMONS-1680

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T19:58:27Z/

url

https://jira.xwiki.org/browse/XCOMMONS-1680

reference_url

https://jira.xwiki.org/browse/XCOMMONS-2426

reference_id

XCOMMONS-2426

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T19:58:27Z/

url

https://jira.xwiki.org/browse/XCOMMONS-2426

reference_url

https://jira.xwiki.org/browse/XWIKI-9118

reference_id

XWIKI-9118

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T19:58:27Z/

url

https://jira.xwiki.org/browse/XWIKI-9118

fixed_packages

url pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.6-rc-1

purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.6-rc-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-73wr-fegr-uqbu

vulnerability	VCID-8xe7-bku2-73bm

vulnerability	VCID-gd1j-1vts-3kc5

vulnerability	VCID-tcpd-mf43-uyca

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.6-rc-1

aliases CVE-2023-29201, GHSA-m3jr-cvhj-f35j

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ed5r-2w4n-wqg6

url VCID-gd1j-1vts-3kc5

vulnerability_id VCID-gd1j-1vts-3kc5

summary XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be executed with programming right. The same vulnerability can also be exploited in all other places where short text properties are displayed, e.g., in apps created using Apps Within Minutes that use a short text field. The problem has been patched on versions 13.10.9, 14.4.4, 14.7RC1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26055

reference_id

reference_type

scores

value	0.04897
scoring_system	epss
scoring_elements	0.89825
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26055

reference_url

https://github.com/xwiki/xwiki-commons

reference_id

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/xwiki/xwiki-commons

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-26055

reference_id

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-26055

reference_url

https://github.com/advisories/GHSA-8cw6-4r32-6r3h

reference_id

GHSA-8cw6-4r32-6r3h

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8cw6-4r32-6r3h

reference_url

https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-8cw6-4r32-6r3h

reference_id

GHSA-8cw6-4r32-6r3h

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T20:39:11Z/

url

https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-8cw6-4r32-6r3h

reference_url

https://jira.xwiki.org/browse/XCOMMONS-2498

reference_id

XCOMMONS-2498

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T20:39:11Z/

url

https://jira.xwiki.org/browse/XCOMMONS-2498

reference_url

https://jira.xwiki.org/browse/XWIKI-19793

reference_id

XWIKI-19793

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T20:39:11Z/

url

https://jira.xwiki.org/browse/XWIKI-19793

reference_url

https://jira.xwiki.org/browse/XWIKI-19794

reference_id

XWIKI-19794

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T20:39:11Z/

url

https://jira.xwiki.org/browse/XWIKI-19794

fixed_packages

url pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.10.9

purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.10.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-73wr-fegr-uqbu

vulnerability	VCID-ed5r-2w4n-wqg6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.10.9

url pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.4.4

purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-73wr-fegr-uqbu

vulnerability	VCID-ed5r-2w4n-wqg6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.4.4

url pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.7-rc-1

purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.7-rc-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-73wr-fegr-uqbu

vulnerability	VCID-8xe7-bku2-73bm

vulnerability	VCID-tcpd-mf43-uyca

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.7-rc-1

aliases CVE-2023-26055, GHSA-8cw6-4r32-6r3h

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gd1j-1vts-3kc5

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@8.3-milestone-2

Package Instance