Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.xwiki.rendering/xwiki-rendering-xml@11.10
Type maven
Namespace org.xwiki.rendering
Name xwiki-rendering-xml
Version 11.10
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 16.10.10
Latest_non_vulnerable_version 17.6.0-rc-1
Affected_by_vulnerabilities
0
url VCID-ka8v-e114-a7em
vulnerability_id VCID-ka8v-e114-a7em
summary XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-37912
reference_id
reference_type
scores
0
value 0.09887
scoring_system epss
scoring_elements 0.93193
published_at 2026-06-13T12:55:00Z
1
value 0.09887
scoring_system epss
scoring_elements 0.93194
published_at 2026-06-14T12:55:00Z
2
value 0.09887
scoring_system epss
scoring_elements 0.9317
published_at 2026-06-11T12:55:00Z
3
value 0.09887
scoring_system epss
scoring_elements 0.93192
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-37912
1
reference_url https://github.com/xwiki/xwiki-rendering
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-rendering
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-37912
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-37912
3
reference_url https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e
reference_id 5f558b8fac8b716d19999225f38cb8ed0814116e
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-10T18:34:21Z/
url https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e
4
reference_url https://github.com/advisories/GHSA-35j5-m29r-xfq5
reference_id GHSA-35j5-m29r-xfq5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-35j5-m29r-xfq5
5
reference_url https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5
reference_id GHSA-35j5-m29r-xfq5
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-10T18:34:21Z/
url https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5
6
reference_url https://jira.xwiki.org/browse/XRENDERING-688
reference_id XRENDERING-688
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-10T18:34:21Z/
url https://jira.xwiki.org/browse/XRENDERING-688
fixed_packages
0
url pkg:maven/org.xwiki.rendering/xwiki-rendering-xml@14.10.6
purl pkg:maven/org.xwiki.rendering/xwiki-rendering-xml@14.10.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xu7z-7p23-77hb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.rendering/xwiki-rendering-xml@14.10.6
1
url pkg:maven/org.xwiki.rendering/xwiki-rendering-xml@15.1-rc-1
purl pkg:maven/org.xwiki.rendering/xwiki-rendering-xml@15.1-rc-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xu7z-7p23-77hb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.rendering/xwiki-rendering-xml@15.1-rc-1
aliases CVE-2023-37912, GHSA-35j5-m29r-xfq5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ka8v-e114-a7em
1
url VCID-xu7z-7p23-77hb
vulnerability_id VCID-xu7z-7p23-77hb
summary XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against {{/html}} injection, which attackers can exploit through RCE. Any user who can edit their own profile or any other document can execute arbitrary script macros, including Groovy and Python macros, which enable remote code execution as well as unrestricted read and write access to all wiki contents. This issue is fixed in versions 16.10.10, 17.4.3 and 17.6.0-rc-1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66474
reference_id
reference_type
scores
0
value 0.00678
scoring_system epss
scoring_elements 0.72034
published_at 2026-06-11T12:55:00Z
1
value 0.00678
scoring_system epss
scoring_elements 0.72126
published_at 2026-06-14T12:55:00Z
2
value 0.00678
scoring_system epss
scoring_elements 0.72131
published_at 2026-06-13T12:55:00Z
3
value 0.00678
scoring_system epss
scoring_elements 0.72119
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66474
1
reference_url https://github.com/xwiki/xwiki-rendering
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-rendering
2
reference_url https://github.com/xwiki/xwiki-platform/commit/12b780ccd5bca5fc8f74f46648d7e02fa04fbc11
reference_id 12b780ccd5bca5fc8f74f46648d7e02fa04fbc11
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-12-11T15:39:13Z/
url https://github.com/xwiki/xwiki-platform/commit/12b780ccd5bca5fc8f74f46648d7e02fa04fbc11
3
reference_url https://github.com/xwiki/xwiki-rendering/commit/9b71a2ee035815cfc29cebbfe81dbdd98f941d49
reference_id 9b71a2ee035815cfc29cebbfe81dbdd98f941d49
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-12-11T15:39:13Z/
url https://github.com/xwiki/xwiki-rendering/commit/9b71a2ee035815cfc29cebbfe81dbdd98f941d49
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66474
reference_id CVE-2025-66474
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-66474
5
reference_url https://github.com/advisories/GHSA-9xc6-c2rm-f27p
reference_id GHSA-9xc6-c2rm-f27p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9xc6-c2rm-f27p
6
reference_url https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-9xc6-c2rm-f27p
reference_id GHSA-9xc6-c2rm-f27p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-12-11T15:39:13Z/
url https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-9xc6-c2rm-f27p
7
reference_url https://jira.xwiki.org/browse/XRENDERING-693
reference_id XRENDERING-693
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-12-11T15:39:13Z/
url https://jira.xwiki.org/browse/XRENDERING-693
8
reference_url https://jira.xwiki.org/browse/XRENDERING-792
reference_id XRENDERING-792
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-12-11T15:39:13Z/
url https://jira.xwiki.org/browse/XRENDERING-792
9
reference_url https://jira.xwiki.org/browse/XRENDERING-793
reference_id XRENDERING-793
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-12-11T15:39:13Z/
url https://jira.xwiki.org/browse/XRENDERING-793
10
reference_url https://jira.xwiki.org/browse/XWIKI-23378
reference_id XWIKI-23378
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-12-11T15:39:13Z/
url https://jira.xwiki.org/browse/XWIKI-23378
fixed_packages
0
url pkg:maven/org.xwiki.rendering/xwiki-rendering-xml@16.10.10
purl pkg:maven/org.xwiki.rendering/xwiki-rendering-xml@16.10.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.rendering/xwiki-rendering-xml@16.10.10
1
url pkg:maven/org.xwiki.rendering/xwiki-rendering-xml@17.4.3
purl pkg:maven/org.xwiki.rendering/xwiki-rendering-xml@17.4.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.rendering/xwiki-rendering-xml@17.4.3
2
url pkg:maven/org.xwiki.rendering/xwiki-rendering-xml@17.6.0-rc-1
purl pkg:maven/org.xwiki.rendering/xwiki-rendering-xml@17.6.0-rc-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.rendering/xwiki-rendering-xml@17.6.0-rc-1
aliases CVE-2025-66474, GHSA-9xc6-c2rm-f27p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xu7z-7p23-77hb
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.rendering/xwiki-rendering-xml@11.10