| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-29258 | Cross-site Scripting in Filter Stream Converter Application in XWiki Platform | xwiki | xwiki-platform | High | 7.4 | 2022-05-31 16:45:11 | Deep Dive |
| CVE-2022-29251 | Cross-site Scripting in the Flamingo theme manager | xwiki | xwiki-platform | High | 7.4 | 2022-05-25 20:55:22 | Deep Dive |
| CVE-2022-29252 | Cross-site Scripting in XWiki Platform Wiki UI Main Wiki | xwiki | xwiki-platform | High | 7.4 | 2022-05-25 20:55:16 | Deep Dive |
| CVE-2022-29253 | Path Traversal in XWiki Platform | xwiki | xwiki-platform | Low | 2.7 | 2022-05-25 20:55:10 | Deep Dive |
| CVE-2022-29161 | Crypto script service uses hashing algorithm SHA1 with RSA for certificate signature in xwiki-platform | xwiki | xwiki-platform | Medium | 5.4 | 2022-05-05 23:35:28 | Deep Dive |
| CVE-2022-24820 | Unauthenticated user can list hidden document from multiple velocity templates | xwiki | xwiki-platform | Medium | 5.3 | 2022-04-08 19:25:10 | Deep Dive |
| CVE-2022-24819 | Unauthenticated user can retrieve the list of users through uorgsuggest.vm | xwiki | xwiki-platform | Medium | 5.3 | 2022-04-08 19:20:10 | Deep Dive |
| CVE-2022-24821 | Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx | xwiki | xwiki-platform | Medium | 6.8 | 2022-04-08 18:55:10 | Deep Dive |
| CVE-2022-23622 | Cross site scripting in registration template in xwiki-platform | xwiki | xwiki-platform | High | 7.4 | 2022-02-09 21:40:10 | Deep Dive |
| CVE-2022-23621 | Missing authorization in xwiki-platform | xwiki | xwiki-platform | Medium | 5.5 | 2022-02-09 21:25:11 | Deep Dive |
| CVE-2022-23620 | Path traversal in xwiki-platform-skin-skinx | xwiki | xwiki-platform | Medium | 6.8 | 2022-02-09 21:15:12 | Deep Dive |
| CVE-2022-23619 | Information exposure in xwiki-platform | xwiki | xwiki-platform | Medium | 5.3 | 2022-02-09 21:10:11 | Deep Dive |
| CVE-2022-23618 | Open Redirect in xwiki-platform | xwiki | xwiki-platform | Medium | 4.7 | 2022-02-09 21:05:11 | Deep Dive |
| CVE-2022-23617 | Missing authorization in xwiki-platform | xwiki | xwiki-platform | Medium | 6.5 | 2022-02-09 21:00:14 | Deep Dive |
| CVE-2022-23616 | Remote code execution in xwiki-platform | xwiki | xwiki-platform | High | 8.8 | 2022-02-09 20:55:10 | Deep Dive |
| CVE-2022-23615 | Partial authorization bypass on document save in xwiki-platform | xwiki | xwiki-platform | Medium | 5.4 | 2022-02-09 20:35:11 | Deep Dive |
| CVE-2021-43841 | XSS by SVG upload in xwiki-platform | xwiki | xwiki-platform | Medium | 5.4 | 2022-02-04 22:30:14 | Deep Dive |
| CVE-2021-32732 | Cross-Site Request Forgery in xwiki-platform | xwiki | xwiki-platform | High | 7.5 | 2022-02-04 22:15:13 | Deep Dive |
| CVE-2021-32731 | The reset password form reveal users email address | xwiki | xwiki-platform | Medium | 5.3 | 2021-07-01 19:05:14 | Deep Dive |
| CVE-2021-32730 | No CSRF protection on the password change form | xwiki | xwiki-platform | Medium | 5.7 | 2021-07-01 17:30:13 | Deep Dive |