org.xwiki.platform:xwiki-platform-oldcore vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.xwiki.platform:xwiki-platform-oldcore package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
Cross-site Scripting

[,14.10.21)[15.0,15.5.5)[15.6,15.10.6)
  • C
Remote Code Execution (RCE)

[9.2-rc-1,14.10.21)[15.0-rc-1,15.5.5)[15.6-rc-1,15.10.2)
  • M
Missing Authorization

[13.10.4,14.10.21)[15.0.0,15.5.5)[15.6-rc-1,15.10.6)
  • M
Incorrect Privilege Assignment

[13.4.7,13.5)[13.10.3,14.10.21)[15.0-rc-1,15.5.5)[15.6-rc-1,15.10.6)[16.0.0-rc-1,16.0.0)
  • H
Missing Authorization

[6.4-milestone-1,14.10.19)[15.0-rc-1,15.5.4)[15.6-rc-1,15.10-rc-1)
  • M
Information Exposure

[5.0-rc-1,14.10.19)[15.0-rc-1,15.5.4)[15.6-rc-1,15.9-rc-1)
  • C
Missing Authorization

[3.0.1,14.10.20)[15.0-rc-1,15.5.4)[15.6-rc-1,15.10-rc-1)
  • H
Improper Handling of Insufficient Privileges

[,14.10.17)[15.0-rc-1,15.5.3)[15.6-rc-1,15.8-rc-1)
  • C
Code Injection

[,14.10.7)[15.0-rc-1,15.2-rc-1)
  • C
Incorrect Authorization

[,14.10.6)[15.0-rc-1,15.2-rc-1)
  • M
Incorrect Authorization

[9.4-rc-1,14.10.8)[15.0-rc-1,15.3-rc-1)
  • M
Arbitrary Code Execution

[7.2,14.10.10)[15.0-rc-1,15.4-rc-1)
  • C
Information Exposure

[3.2-milestone-3,14.10.9)[15.0-rc-1,15.4-rc-1)
  • H
Cross-site Scripting (XSS)

[3.2-milestone-3,14.10.6)[15.0-rc-0,15.1-rc-1)
  • C
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

[3.3-milestone-1,13.10.11)[14.0-rc-1,14.4.8)[14.5,14.10.2)
  • H
Information Exposure

[10.11.1,13.10.11)[14.0-rc-1,14.4.8)[14.5,14.10.3)
  • C
Incorrect Use of Privileged APIs

[14.4.1,14.4.7)[14.5,14.10)
  • M
Open Redirect

[6.0-rc-1,13.10.10)[14.0-rc-1,14.4.4)[14.5,<14.8-rc-1)
  • H
Exposure of Resource to Wrong Sphere

[1.2-milestone-1,13.10.11)[14.0-rc-1,14.4.7)[14.5,14.10)
  • H
Privilege Context Switching Error

[2.3-milestone-1,13.10.11)[14.0-rc-1,14.10)
  • H
Access Control Bypass

[13.10,13.10.11)[14.0-rc-1,14.10)
  • M
Denial of Service (DoS)

[,14.0-rc-1)
  • H
Denial of Service (DoS)

[14.5.0,14.6-rc-1)[14.0.0,14.4.2)[,13.10.8)
  • M
Missing Authorization

[14.0.0,14.4.2)[11.7RC1,13.10.7)
  • M
Information Exposure

[,13.10.4)[14.0-rc-1,14.3-rc-1)
  • H
Improper Authorization

[,13.10.5)[14.0-rc-1,14.3-rc-1)
  • H
Privilege Escalation

[,13.10.4)[14.0-rc-1,14.2)
  • L
Directory Traversal

[,13.10.3)
  • M
Missing Authorization

[,12.10.9)[13.0.0,13.4.3)[13.5.0,13.7-rc-1)
  • M
Open Redirect

[,12.10.7)[13.0,13.3-rc-1)
  • M
Missing Authorization

[,12.10.6)[13.0,13.2-rc-1)
  • M
Authorization Bypass

[,13.0)
  • M
Arbitrary Code Execution

[,12.10.6)[13.0,13.3)
  • M
Improper Authorization

[12.10.0,12.10.2)[12.0,12.6.7)[11.6,11.10.13)
  • C
Cross-site Scripting (XSS)

[12.7,12.8)[,12.6.3)
  • M
Improper Input Validation

[,12.8)
  • H
Remote Code Execution (RCE)

[,11.10.6)[12.0,12.5)
  • H
Deserialization of Untrusted Data

[,11.10.5)[12.0.0,12.2.1)