Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@3.1-milestone-1
Type maven
Namespace org.xwiki.commons
Name xwiki-commons-xml
Version 3.1-milestone-1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 14.10.6
Latest_non_vulnerable_version 15.2-rc-1
Affected_by_vulnerabilities
0
url VCID-mfgn-fbh9-ykfs
vulnerability_id VCID-mfgn-fbh9-ykfs
summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
XWiki Commons are technical libraries common to several other top-level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is then executed with programming right. The same vulnerability can also be exploited in all other places where short text properties are displayed, e.g., in apps created using Apps Within Minutes that use a short text field. The problem has been patched in versions 13.10.9, 14.4.4, and 14.7RC1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26055
reference_id
reference_type
scores
0
value 0.04897
scoring_system epss
scoring_elements 0.89773
published_at 2026-06-04T12:55:00Z
1
value 0.04897
scoring_system epss
scoring_elements 0.89791
published_at 2026-06-06T12:55:00Z
2
value 0.04897
scoring_system epss
scoring_elements 0.89789
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26055
1
reference_url https://github.com/xwiki/xwiki-commons
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-commons
2
reference_url https://jira.xwiki.org/browse/XCOMMONS-2498
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T20:39:11Z/
url https://jira.xwiki.org/browse/XCOMMONS-2498
3
reference_url https://jira.xwiki.org/browse/XWIKI-19793
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T20:39:11Z/
url https://jira.xwiki.org/browse/XWIKI-19793
4
reference_url https://jira.xwiki.org/browse/XWIKI-19794
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T20:39:11Z/
url https://jira.xwiki.org/browse/XWIKI-19794
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26055
reference_id CVE-2023-26055
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26055
6
reference_url https://github.com/advisories/GHSA-8cw6-4r32-6r3h
reference_id GHSA-8cw6-4r32-6r3h
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8cw6-4r32-6r3h
7
reference_url https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-8cw6-4r32-6r3h
reference_id GHSA-8cw6-4r32-6r3h
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T20:39:11Z/
url https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-8cw6-4r32-6r3h
fixed_packages
0
url pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.10.9
purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.10.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b1ra-agjy-zkep
1
vulnerability VCID-twct-br17-z7fp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@13.10.9
1
url pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.4.4
purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b1ra-agjy-zkep
1
vulnerability VCID-twct-br17-z7fp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.4.4
2
url pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.7-rc-1
purl pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.7-rc-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b1ra-agjy-zkep
1
vulnerability VCID-erp8-5mbk-u7eb
2
vulnerability VCID-mt3s-27sj-rqh4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@14.7-rc-1
aliases CVE-2023-26055, GHSA-8cw6-4r32-6r3h
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mfgn-fbh9-ykfs
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.commons/xwiki-commons-xml@3.1-milestone-1