XWiki 12.9 Release Candidate 1
Approved changes feed: RSS · Atom
cpe:2.3:a:xwiki:xwiki:12.9:rc1:*:*:*:*:*:*
part: a version: 12.9 update: rc1
| Vendor | Xwiki (cdc9c0cd-6ac5-5dc0-9f52-915ebd57f20d) |
|---|---|
| Product | Xwiki (2fad5bf8-5703-5dac-bd8d-95a867c2e84d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:docker/xwiki/xwiki |
purl2cpe | 2026-06-01 10:18:15.676761 |
pkg:github/xwiki/xwiki-platform |
purl2cpe | 2026-06-01 10:18:15.676763 |
pkg:gitlab/q-phillips/xwiki-platform |
purl2cpe | 2026-06-01 10:18:15.676764 |
pkg:xwiki/xwiki |
purl2cpe | 2026-06-01 10:18:15.676765 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-35152 |
vulnerable | 2026-06-03 14:52:17.889159 |
XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults
CRITICAL (10)
XWiki Platform is a generic wiki platform. Starting in version 12.9-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any logged in user can add dangerous content in their first name field and see it executed with programming rights. Leading to rights escalation. The vulnerability has been fixed on XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, one may apply the patch manually.
Published: 2023-06-23T16:41:51.268Z
Updated: 2024-11-27T20:45:47.820Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.