GCVE - cpe:2.3:a:xwiki:xwiki:5.0:milestone1:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:xwiki:xwiki:5.0:milestone1:*:*:*:*:*:*

part: a version: 5.0 update: milestone1

Vendor	Xwiki (`cdc9c0cd-6ac5-5dc0-9f52-915ebd57f20d`)
Product	Xwiki (`2fad5bf8-5703-5dac-bd8d-95a867c2e84d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:docker/xwiki/xwiki`	purl2cpe	2026-06-01 10:18:15.850456
`pkg:github/xwiki/xwiki-platform`	purl2cpe	2026-06-01 10:18:15.850457
`pkg:gitlab/q-phillips/xwiki-platform`	purl2cpe	2026-06-01 10:18:15.850459
`pkg:xwiki/xwiki`	purl2cpe	2026-06-01 10:18:15.850460

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-34466`	vulnerable	2026-06-03 14:52:16.875281	XWiki Platform's tags on non-viewable pages can be revealed to users MEDIUM (4.3) XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1. Published: 2023-06-23T15:26:11.453Z Updated: 2024-11-29T14:36:27.432Z Open on db.gcve.eu Reference links https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7f2f-pcv3-j2r7 https://jira.xwiki.org/browse/XWIKI-20002	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-41928`	vulnerable	2026-06-03 14:48:11.850381	XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml CRITICAL (9.9) XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below: - 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 Published: 2022-11-23T00:00:00.000Z Updated: 2025-04-22T16:01:25.660Z Open on db.gcve.eu Reference links https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j https://jira.xwiki.org/browse/XWIKI-19800	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.