{"url":"http://public2.vulnerablecode.io/api/packages/72865?format=json","purl":"pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.0.0-rc-1","type":"maven","namespace":"org.xwiki.platform","name":"xwiki-platform-web-templates","version":"17.0.0-rc-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"17.4.2","latest_non_vulnerable_version":"17.8.0-rc-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49827?format=json","vulnerability_id":"VCID-b75w-1jeb-hbeq","summary":"XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages\nA reflected cross site scripting (XSS) vulnerability in XWiki allows an attacker to execute arbitrary actions in XWiki with the rights of the victim if the attacker manages to trick a victim into visiting a crafted URL. If the victim has administrative or programming rights, those rights can be exploited to gain full access to the XWiki installation.","references":[{"reference_url":"https://github.com/xwiki/xwiki-platform","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/xwiki/xwiki-platform"},{"reference_url":"https://github.com/xwiki/xwiki-platform/commit/8337ac8c3b19c37f306723b638b2cae8b0a57dbf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/xwiki/xwiki-platform/commit/8337ac8c3b19c37f306723b638b2cae8b0a57dbf"},{"reference_url":"https://github.com/xwiki/xwiki-platform/commit/8337ac8c3b19c37f306723b638b2cae8b0a57dbf#diff-8f16efedd19baae025db602d8736a105bfd8f72676af2c935b8195a0c356ee71","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/xwiki/xwiki-platform/commit/8337ac8c3b19c37f306723b638b2cae8b0a57dbf#diff-8f16efedd19baae025db602d8736a105bfd8f72676af2c935b8195a0c356ee71"},{"reference_url":"https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-16.10.12","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-16.10.12"},{"reference_url":"https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.4.5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.4.5"},{"reference_url":"https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.8.0-rc-1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.8.0-rc-1"},{"reference_url":"https://jira.xwiki.org/browse/XWIKI-23462","reference_id":"","reference_type":"","scores":[],"url":"https://jira.xwiki.org/browse/XWIKI-23462"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24128","reference_id":"CVE-2026-24128","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24128"},{"reference_url":"https://github.com/advisories/GHSA-wvqx-m5px-6cmp","reference_id":"GHSA-wvqx-m5px-6cmp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wvqx-m5px-6cmp"},{"reference_url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wvqx-m5px-6cmp","reference_id":"GHSA-wvqx-m5px-6cmp","reference_type":"","scores":[],"url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wvqx-m5px-6cmp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73596?format=json","purl":"pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.4.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.4.5"},{"url":"http://public2.vulnerablecode.io/api/packages/73597?format=json","purl":"pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.8.0-rc-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.8.0-rc-1"}],"aliases":["CVE-2026-24128","GHSA-wvqx-m5px-6cmp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b75w-1jeb-hbeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49392?format=json","vulnerability_id":"VCID-f43y-xyma-23av","summary":"XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication\nA reflected XSS vulnerability in XWiki allows an attacker to send a victim to a URL with a deletion confirmation message on which the attacker-supplied script is executed when the victim clicks the \"No\" button. When the victim has admin or programming right, this allows the attacker to execute basically arbitrary actions on the XWiki installation including remote code execution.","references":[{"reference_url":"https://github.com/xwiki/xwiki-platform","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/xwiki/xwiki-platform"},{"reference_url":"https://github.com/xwiki/xwiki-platform/commit/cb578b1b2910d06e9dd7581077072d1cfbd280f2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/xwiki/xwiki-platform/commit/cb578b1b2910d06e9dd7581077072d1cfbd280f2"},{"reference_url":"https://jira.xwiki.org/browse/XWIKI-23244","reference_id":"","reference_type":"","scores":[],"url":"https://jira.xwiki.org/browse/XWIKI-23244"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66472","reference_id":"CVE-2025-66472","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66472"},{"reference_url":"https://github.com/advisories/GHSA-7vpr-jm38-wr7w","reference_id":"GHSA-7vpr-jm38-wr7w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7vpr-jm38-wr7w"},{"reference_url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7vpr-jm38-wr7w","reference_id":"GHSA-7vpr-jm38-wr7w","reference_type":"","scores":[],"url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7vpr-jm38-wr7w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72867?format=json","purl":"pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.4.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.4.2"}],"aliases":["CVE-2025-66472","GHSA-7vpr-jm38-wr7w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f43y-xyma-23av"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.0.0-rc-1"}