| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2022-41931 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui | xwiki | xwiki-platform | Critical | 9.9 | 2022-11-23 00:00:00 |
| CVE-2022-41932 | Creation of new database tables through login form on PostgreSQL | xwiki | xwiki-platform | High | 7.5 | 2022-11-23 00:00:00 |
| CVE-2022-41933 | Plaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default | xwiki | xwiki-platform | Medium | 6.2 | 2022-11-23 00:00:00 |
| CVE-2022-41934 | Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-menu-ui | xwiki | xwiki-platform | Critical | 9.9 | 2022-11-23 00:00:00 |
| CVE-2022-41935 | Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui | xwiki | xwiki-platform | Medium | 5.3 | 2022-11-23 00:00:00 |
| CVE-2022-41936 | Exposure of Private Personal Information to an Unauthorized Actor in xwiki-platform-rest-server | xwiki | xwiki-platform | Medium | 5.3 | 2022-11-22 00:00:00 |
| CVE-2022-41937 | Missing Authorization in XWiki Platform | xwiki | xwiki-platform | Critical | 9.6 | 2022-11-22 00:00:00 |
| CVE-2022-36100 | XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection | xwiki | xwiki-platform | Critical | 9.9 | 2022-09-08 21:10:10 |
| CVE-2022-36098 | XWiki Platform Mentions UI vulnerable to Cross-site Scripting | xwiki | xwiki-platform | High | 8.9 | 2022-09-08 20:50:11 |
| CVE-2022-36099 | XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability | xwiki | xwiki-platform | Critical | 9.9 | 2022-09-08 20:45:14 |
| CVE-2022-36097 | XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form | xwiki | xwiki-platform | High | 8.9 | 2022-09-08 20:35:11 |
| CVE-2022-36096 | XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list | xwiki | xwiki-platform | High | 8.9 | 2022-09-08 20:30:13 |
| CVE-2022-36095 | XWiki Cross-Site Request Forgery (CSRF) for actions on tags | xwiki | xwiki-platform | Medium | 4.3 | 2022-09-08 20:20:13 |
| CVE-2022-36094 | XWiki Platform Web Parent POM vulnerable to XSS in the attachment history | xwiki | xwiki-platform | High | 8.9 | 2022-09-08 20:10:09 |
| CVE-2022-36093 | XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard | xwiki | xwiki-platform | High | 8.5 | 2022-09-08 17:25:10 |
| CVE-2022-36092 | XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action | xwiki | xwiki-platform | High | 7.5 | 2022-09-08 17:15:15 |
| CVE-2022-36091 | XWiki Platform Web Templates vulnerable to Missing Authorization and Exposure of Private Personal Information to an Unauthorized Actor | xwiki | xwiki-platform | High | 7.5 | 2022-09-08 16:10:09 |
| CVE-2022-36090 | org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users | xwiki | xwiki-platform | High | 8.1 | 2022-09-08 14:45:13 |
| CVE-2022-31166 | XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups | xwiki | xwiki-platform | High | 8.1 | 2022-09-07 14:10:12 |
| CVE-2022-31167 | XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference | xwiki | xwiki-platform | High | 7.1 | 2022-09-07 13:55:11 |