org.xwiki.commons:xwiki-commons-xml@14.9-rc-1 vulnerabilities
-
latest version
16.4.0
-
latest non vulnerable version
-
first published
13 years ago
-
latest version published
2 months ago
-
licenses detected
- [0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.xwiki.commons:xwiki-commons-xml package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') due to allowing an attacker without Note: The attacker would need to ensure that the edit form looks plausible, though, which can be non-trivial as without script right the attacker cannot display the regular content of the document. How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')? Upgrade |
[14.6-rc-1,14.10.6)
[15.0-rc-1,15.2-rc-1)
|
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization via invalid data attributes. Note: This vulnerability does not affect restricted cleaning in HTMLCleaner as there attributes are cleaned and thus characters like How to fix Cross-site Scripting (XSS)? Upgrade |
[14.6-rc-1,14.10.4)
|
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) such that the How to fix Cross-site Scripting (XSS)? Upgrade |
[4.2-milestone-1,14.10)
|