Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@7.2-milestone-2
Type maven
Namespace org.xwiki.commons
Name xwiki-commons-xml
Version 7.2-milestone-2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 14.10.6
Latest_non_vulnerable_version 15.2-rc-1
Affected_by_vulnerabilities
0
url VCID-b1ra-agjy-zkep
vulnerability_id VCID-b1ra-agjy-zkep
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid HTML comments. As a consequence, any code relying on this "restricted" mode for security is vulnerable to JavaScript injection ("cross-site scripting"/XSS). When a privileged user with programming rights visits such a comment in XWiki, the malicious JavaScript code is executed in the context of the user session. This allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. This problem has been patched in XWiki 14.10: HTML comments are now removed in restricted mode, and a check has been introduced that ensures that comments don't start with `>`. There are no known workarounds apart from upgrading to a version including the fix.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29528
reference_id
reference_type
scores
0
value 0.03165
scoring_system epss
scoring_elements 0.8719
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29528
1
reference_url https://github.com/xwiki/xwiki-commons
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-commons
2
reference_url https://github.com/xwiki/xwiki-commons/commit/8ff1a9d7e5d7b45b690134a537d53dc05cae04ab
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-04T21:35:34Z/
url https://github.com/xwiki/xwiki-commons/commit/8ff1a9d7e5d7b45b690134a537d53dc05cae04ab
3
reference_url https://jira.xwiki.org/browse/XCOMMONS-2568
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-04T21:35:34Z/
url https://jira.xwiki.org/browse/XCOMMONS-2568
4
reference_url https://jira.xwiki.org/browse/XWIKI-20348
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-04T21:35:34Z/
url https://jira.xwiki.org/browse/XWIKI-20348
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29528
reference_id CVE-2023-29528
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29528
6
reference_url https://github.com/advisories/GHSA-x37v-36wv-6v6h
reference_id GHSA-x37v-36wv-6v6h
reference_type
scores
url https://github.com/advisories/GHSA-x37v-36wv-6v6h
7
reference_url https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-x37v-36wv-6v6h
reference_id GHSA-x37v-36wv-6v6h
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-04T21:35:34Z/
url https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-x37v-36wv-6v6h
fixed_packages
0
url pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.10
purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-erp8-5mbk-u7eb
1
vulnerability VCID-mt3s-27sj-rqh4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.10
aliases CVE-2023-29528, GHSA-x37v-36wv-6v6h
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b1ra-agjy-zkep
1
url VCID-mfgn-fbh9-ykfs
vulnerability_id VCID-mfgn-fbh9-ykfs
summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is then executed with programming right. The same vulnerability can also be exploited in all other places where short text properties are displayed, e.g., in apps created using Apps Within Minutes that use a short text field. The problem has been patched in versions 13.10.9, 14.4.4, 14.7RC1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26055
reference_id
reference_type
scores
0
value 0.04897
scoring_system epss
scoring_elements 0.89789
published_at 2026-06-05T12:55:00Z
1
value 0.04897
scoring_system epss
scoring_elements 0.89773
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26055
1
reference_url https://github.com/xwiki/xwiki-commons
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-commons
2
reference_url https://jira.xwiki.org/browse/XCOMMONS-2498
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T20:39:11Z/
url https://jira.xwiki.org/browse/XCOMMONS-2498
3
reference_url https://jira.xwiki.org/browse/XWIKI-19793
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T20:39:11Z/
url https://jira.xwiki.org/browse/XWIKI-19793
4
reference_url https://jira.xwiki.org/browse/XWIKI-19794
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T20:39:11Z/
url https://jira.xwiki.org/browse/XWIKI-19794
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26055
reference_id CVE-2023-26055
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26055
6
reference_url https://github.com/advisories/GHSA-8cw6-4r32-6r3h
reference_id GHSA-8cw6-4r32-6r3h
reference_type
scores
url https://github.com/advisories/GHSA-8cw6-4r32-6r3h
7
reference_url https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-8cw6-4r32-6r3h
reference_id GHSA-8cw6-4r32-6r3h
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T20:39:11Z/
url https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-8cw6-4r32-6r3h
fixed_packages
0
url pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.10.9
purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.10.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b1ra-agjy-zkep
1
vulnerability VCID-twct-br17-z7fp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.10.9
1
url pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.4.4
purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b1ra-agjy-zkep
1
vulnerability VCID-twct-br17-z7fp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.4.4
2
url pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.7-rc-1
purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.7-rc-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b1ra-agjy-zkep
1
vulnerability VCID-erp8-5mbk-u7eb
2
vulnerability VCID-mt3s-27sj-rqh4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.7-rc-1
aliases CVE-2023-26055, GHSA-8cw6-4r32-6r3h
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mfgn-fbh9-ykfs
2
url VCID-pj5y-zu6m-e3ak
vulnerability_id VCID-pj5y-zu6m-e3ak
summary
Improper Neutralization
org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessible to the user running the XWiki application server with XML External Entity Injection through the XML script service. The problem has been patched in versions 12.10.10, 13.4.4, and 13.8-rc-1. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24898
reference_id
reference_type
scores
0
value 0.00127
scoring_system epss
scoring_elements 0.31713
published_at 2026-06-05T12:55:00Z
1
value 0.00127
scoring_system epss
scoring_elements 0.31643
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24898
1
reference_url https://github.com/xwiki/xwiki-commons
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-commons
2
reference_url https://github.com/xwiki/xwiki-commons/commit/947e8921ebd95462d5a7928f397dd1b64f77c7d5
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-commons/commit/947e8921ebd95462d5a7928f397dd1b64f77c7d5
3
reference_url https://jira.xwiki.org/browse/XWIKI-18946
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jira.xwiki.org/browse/XWIKI-18946
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24898
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24898
5
reference_url https://github.com/advisories/GHSA-m2r5-4w96-qxg5
reference_id GHSA-m2r5-4w96-qxg5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2r5-4w96-qxg5
6
reference_url https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-m2r5-4w96-qxg5
reference_id GHSA-m2r5-4w96-qxg5
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-m2r5-4w96-qxg5
fixed_packages
0
url pkg:maven/org.xwiki.commons/xwiki-commons-xml@12.10.10
purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@12.10.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b1ra-agjy-zkep
1
vulnerability VCID-mfgn-fbh9-ykfs
2
vulnerability VCID-twct-br17-z7fp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@12.10.10
1
url pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.4.4
purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b1ra-agjy-zkep
1
vulnerability VCID-mfgn-fbh9-ykfs
2
vulnerability VCID-twct-br17-z7fp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.4.4
2
url pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.8-rc-1
purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.8-rc-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b1ra-agjy-zkep
1
vulnerability VCID-mfgn-fbh9-ykfs
2
vulnerability VCID-twct-br17-z7fp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.8-rc-1
aliases CVE-2022-24898, GHSA-m2r5-4w96-qxg5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pj5y-zu6m-e3ak
3
url VCID-twct-br17-z7fp
vulnerability_id VCID-twct-br17-z7fp
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in org.xwiki.commons:xwiki-commons-xml.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29201
reference_id
reference_type
scores
0
value 0.09347
scoring_system epss
scoring_elements 0.92933
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29201
1
reference_url https://github.com/xwiki/xwiki-commons
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-commons
2
reference_url https://github.com/xwiki/xwiki-commons/commit/4a185e0594d90cd4916d60aa60bb4333dc5623b2
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T19:58:27Z/
url https://github.com/xwiki/xwiki-commons/commit/4a185e0594d90cd4916d60aa60bb4333dc5623b2
3
reference_url https://github.com/xwiki/xwiki-commons/commit/b11eae9d82cb53f32962056b5faa73f3720c6182
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T19:58:27Z/
url https://github.com/xwiki/xwiki-commons/commit/b11eae9d82cb53f32962056b5faa73f3720c6182
4
reference_url https://jira.xwiki.org/browse/XCOMMONS-1680
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T19:58:27Z/
url https://jira.xwiki.org/browse/XCOMMONS-1680
5
reference_url https://jira.xwiki.org/browse/XCOMMONS-2426
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T19:58:27Z/
url https://jira.xwiki.org/browse/XCOMMONS-2426
6
reference_url https://jira.xwiki.org/browse/XWIKI-9118
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T19:58:27Z/
url https://jira.xwiki.org/browse/XWIKI-9118
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29201
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29201
8
reference_url https://github.com/advisories/GHSA-m3jr-cvhj-f35j
reference_id GHSA-m3jr-cvhj-f35j
reference_type
scores
url https://github.com/advisories/GHSA-m3jr-cvhj-f35j
9
reference_url https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-m3jr-cvhj-f35j
reference_id GHSA-m3jr-cvhj-f35j
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T19:58:27Z/
url https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-m3jr-cvhj-f35j
fixed_packages
0
url pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.6-rc-1
purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.6-rc-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b1ra-agjy-zkep
1
vulnerability VCID-erp8-5mbk-u7eb
2
vulnerability VCID-mfgn-fbh9-ykfs
3
vulnerability VCID-mt3s-27sj-rqh4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.6-rc-1
aliases CVE-2023-29201, GHSA-m3jr-cvhj-f35j
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-twct-br17-z7fp
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@7.2-milestone-2