Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.xwiki.platform/xwiki-platform-appwithinminutes-ui@4.3-milestone-2

Type maven

Namespace org.xwiki.platform

Name xwiki-platform-appwithinminutes-ui

Version 4.3-milestone-2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 13.10.11

Latest_non_vulnerable_version 15.1-rc-1

Affected_by_vulnerabilities

url VCID-rfw8-d1zs-ruck

vulnerability_id VCID-rfw8-d1zs-ruck

summary

XWiki Platform privilege escalation (PR) from account through AWM content fields
Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation.

references

reference_url	https://github.com/xwiki/xwiki-platform/commit/dfb1cde173e363ca5c12eb3654869f9719820262
reference_id
reference_type
scores
url	https://github.com/xwiki/xwiki-platform/commit/dfb1cde173e363ca5c12eb3654869f9719820262

reference_url	https://jira.xwiki.org/browse/XWIKI-7369
reference_id
reference_type
scores
url	https://jira.xwiki.org/browse/XWIKI-7369

reference_url	https://github.com/advisories/GHSA-5mf8-v43w-mfxp
reference_id	GHSA-5mf8-v43w-mfxp
reference_type
scores
url	https://github.com/advisories/GHSA-5mf8-v43w-mfxp

reference_url	https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5mf8-v43w-mfxp
reference_id	GHSA-5mf8-v43w-mfxp
reference_type
scores
url	https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5mf8-v43w-mfxp

fixed_packages

url	pkg:maven/org.xwiki.platform/xwiki-platform-appwithinminutes-ui@14.10.5
purl	pkg:maven/org.xwiki.platform/xwiki-platform-appwithinminutes-ui@14.10.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-appwithinminutes-ui@14.10.5

aliases CVE-2023-40177, GHSA-5mf8-v43w-mfxp

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rfw8-d1zs-ruck

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-appwithinminutes-ui@4.3-milestone-2

Package Instance