Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.0.0-rc-1
Type maven
Namespace org.xwiki.platform
Name xwiki-platform-web-templates
Version 17.0.0-rc-1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 17.4.2
Latest_non_vulnerable_version 17.8.0-rc-1
Affected_by_vulnerabilities
0
url VCID-b75w-1jeb-hbeq
vulnerability_id VCID-b75w-1jeb-hbeq
summary
XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages
A reflected cross-site scripting (XSS) vulnerability in XWiki allows an attacker to execute arbitrary actions in XWiki with the rights of the victim if the attacker manages to trick a victim into visiting a crafted URL. If the victim has administrative or programming rights, those rights can be exploited to gain full access to the XWiki installation.
references
0
reference_url https://github.com/xwiki/xwiki-platform
reference_id
reference_type
scores
url https://github.com/xwiki/xwiki-platform
1
reference_url https://github.com/xwiki/xwiki-platform/commit/8337ac8c3b19c37f306723b638b2cae8b0a57dbf
reference_id
reference_type
scores
url https://github.com/xwiki/xwiki-platform/commit/8337ac8c3b19c37f306723b638b2cae8b0a57dbf
2
reference_url https://github.com/xwiki/xwiki-platform/commit/8337ac8c3b19c37f306723b638b2cae8b0a57dbf#diff-8f16efedd19baae025db602d8736a105bfd8f72676af2c935b8195a0c356ee71
reference_id
reference_type
scores
url https://github.com/xwiki/xwiki-platform/commit/8337ac8c3b19c37f306723b638b2cae8b0a57dbf#diff-8f16efedd19baae025db602d8736a105bfd8f72676af2c935b8195a0c356ee71
3
reference_url https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-16.10.12
reference_id
reference_type
scores
url https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-16.10.12
4
reference_url https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.4.5
reference_id
reference_type
scores
url https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.4.5
5
reference_url https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.8.0-rc-1
reference_id
reference_type
scores
url https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.8.0-rc-1
6
reference_url https://jira.xwiki.org/browse/XWIKI-23462
reference_id
reference_type
scores
url https://jira.xwiki.org/browse/XWIKI-23462
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24128
reference_id CVE-2026-24128
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-24128
8
reference_url https://github.com/advisories/GHSA-wvqx-m5px-6cmp
reference_id GHSA-wvqx-m5px-6cmp
reference_type
scores
url https://github.com/advisories/GHSA-wvqx-m5px-6cmp
9
reference_url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wvqx-m5px-6cmp
reference_id GHSA-wvqx-m5px-6cmp
reference_type
scores
url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wvqx-m5px-6cmp
fixed_packages
0
url pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.4.5
purl pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.4.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.4.5
1
url pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.8.0-rc-1
purl pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.8.0-rc-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.8.0-rc-1
aliases CVE-2026-24128, GHSA-wvqx-m5px-6cmp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b75w-1jeb-hbeq
1
url VCID-f43y-xyma-23av
vulnerability_id VCID-f43y-xyma-23av
summary
XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication
A reflected XSS vulnerability in XWiki allows an attacker to send a victim to a URL with a deletion confirmation message on which the attacker-supplied script is executed when the victim clicks the "No" button. When the victim has admin or programming right, this allows the attacker to execute basically arbitrary actions on the XWiki installation including remote code execution.
references
0
reference_url https://github.com/xwiki/xwiki-platform
reference_id
reference_type
scores
url https://github.com/xwiki/xwiki-platform
1
reference_url https://github.com/xwiki/xwiki-platform/commit/cb578b1b2910d06e9dd7581077072d1cfbd280f2
reference_id
reference_type
scores
url https://github.com/xwiki/xwiki-platform/commit/cb578b1b2910d06e9dd7581077072d1cfbd280f2
2
reference_url https://jira.xwiki.org/browse/XWIKI-23244
reference_id
reference_type
scores
url https://jira.xwiki.org/browse/XWIKI-23244
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66472
reference_id CVE-2025-66472
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-66472
4
reference_url https://github.com/advisories/GHSA-7vpr-jm38-wr7w
reference_id GHSA-7vpr-jm38-wr7w
reference_type
scores
url https://github.com/advisories/GHSA-7vpr-jm38-wr7w
5
reference_url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7vpr-jm38-wr7w
reference_id GHSA-7vpr-jm38-wr7w
reference_type
scores
url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7vpr-jm38-wr7w
fixed_packages
0
url pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.4.2
purl pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.4.2
aliases CVE-2025-66472, GHSA-7vpr-jm38-wr7w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f43y-xyma-23av
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.0.0-rc-1