{"url":"http://public2.vulnerablecode.io/api/packages/73595?format=json","purl":"pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@16.10.12","type":"maven","namespace":"org.xwiki.platform","name":"xwiki-platform-web-templates","version":"16.10.12","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"17.4.2","latest_non_vulnerable_version":"17.8.0-rc-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49827?format=json","vulnerability_id":"VCID-b75w-1jeb-hbeq","summary":"XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages\nA reflected cross site scripting (XSS) vulnerability in XWiki allows an attacker to execute arbitrary actions in XWiki with the rights of the victim if the attacker manages to trick a victim into visiting a crafted URL. If the victim has administrative or programming rights, those rights can be exploited to gain full access to the XWiki installation.","references":[{"reference_url":"https://github.com/xwiki/xwiki-platform","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/xwiki/xwiki-platform"},{"reference_url":"https://github.com/xwiki/xwiki-platform/commit/8337ac8c3b19c37f306723b638b2cae8b0a57dbf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/xwiki/xwiki-platform/commit/8337ac8c3b19c37f306723b638b2cae8b0a57dbf"},{"reference_url":"https://github.com/xwiki/xwiki-platform/commit/8337ac8c3b19c37f306723b638b2cae8b0a57dbf#diff-8f16efedd19baae025db602d8736a105bfd8f72676af2c935b8195a0c356ee71","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/xwiki/xwiki-platform/commit/8337ac8c3b19c37f306723b638b2cae8b0a57dbf#diff-8f16efedd19baae025db602d8736a105bfd8f72676af2c935b8195a0c356ee71"},{"reference_url":"https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-16.10.12","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-16.10.12"},{"reference_url":"https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.4.5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.4.5"},{"reference_url":"https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.8.0-rc-1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.8.0-rc-1"},{"reference_url":"https://jira.xwiki.org/browse/XWIKI-23462","reference_id":"","reference_type":"","scores":[],"url":"https://jira.xwiki.org/browse/XWIKI-23462"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24128","reference_id":"CVE-2026-24128","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24128"},{"reference_url":"https://github.com/advisories/GHSA-wvqx-m5px-6cmp","reference_id":"GHSA-wvqx-m5px-6cmp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wvqx-m5px-6cmp"},{"reference_url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wvqx-m5px-6cmp","reference_id":"GHSA-wvqx-m5px-6cmp","reference_type":"","scores":[],"url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wvqx-m5px-6cmp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73595?format=json","purl":"pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@16.10.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@16.10.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73596?format=json","purl":"pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.4.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.4.5"},{"url":"http://public2.vulnerablecode.io/api/packages/73597?format=json","purl":"pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.8.0-rc-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@17.8.0-rc-1"}],"aliases":["CVE-2026-24128","GHSA-wvqx-m5px-6cmp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b75w-1jeb-hbeq"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-web-templates@16.10.12"}