| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-26472 | XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile | xwiki | xwiki-platform | Critical | 9.9 | 2023-03-02 18:25:06 | Deep Dive |
| CVE-2023-26473 | XWiki Platform allows unprivileged users to make arbitrary select queries using DatabaseListProperty and suggest.vm | xwiki | xwiki-platform | Medium | 6.5 | 2023-03-02 18:17:09 | Deep Dive |
| CVE-2023-26474 | XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author | xwiki | xwiki-platform | Critical | 9.9 | 2023-03-02 18:12:16 | Deep Dive |
| CVE-2023-26475 | XWiki Platform vulnerable to Remote Code Execution in Annotations | xwiki | xwiki-platform | Critical | 9.9 | 2023-03-02 18:07:04 | Deep Dive |
| CVE-2023-26476 | Two XWiki Platform UIs Expose Sensitive Information to an Unauthorized Actor | xwiki | xwiki-platform | High | 7.5 | 2023-03-02 18:02:20 | Deep Dive |
| CVE-2023-26477 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability | xwiki | xwiki-platform | Critical | 10.0 | 2023-03-02 17:52:40 | Deep Dive |
| CVE-2023-26478 | org.xwiki.platform:xwiki-platform-store-filesystem-oldcore has Exposed Dangerous Method or Function | xwiki | xwiki-platform | Medium | 6.6 | 2023-03-02 17:46:15 | Deep Dive |
| CVE-2023-26479 | org.xwiki.platform:xwiki-platform-rendering-parser vulnerable to Improper Handling of Exceptional Conditions | xwiki | xwiki-platform | Medium | 6.5 | 2023-03-02 17:20:19 | Deep Dive |
| CVE-2023-26480 | XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data | xwiki | xwiki-platform | High | 8.9 | 2023-03-02 17:09:19 | Deep Dive |
| CVE-2023-22457 | org.xwiki.contrib:application-ckeditor-ui vulnerable to Remote Code Execution via Cross-Site Request Forgery | xwiki-contrib | application-ckeditor | Critical | 9.0 | 2023-01-04 14:24:40 | Deep Dive |
| CVE-2022-41927 | XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags | xwiki | xwiki-platform | High | 7.4 | 2022-11-23 00:00:00 | Deep Dive |
| CVE-2022-41928 | XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml | xwiki | xwiki-platform | Critical | 9.9 | 2022-11-23 00:00:00 | Deep Dive |
| CVE-2022-41929 | Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore | xwiki | xwiki-platform | Medium | 4.9 | 2022-11-23 00:00:00 | Deep Dive |
| CVE-2022-41930 | org.xwiki.platform:xwiki-platform-user-profile-ui missing authorization to enable or disable users | xwiki | xwiki-platform | High | 7.5 | 2022-11-23 00:00:00 | Deep Dive |
| CVE-2022-41931 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui | xwiki | xwiki-platform | Critical | 9.9 | 2022-11-23 00:00:00 | Deep Dive |
| CVE-2022-41932 | Creation of new database tables through login form on PostgreSQL | xwiki | xwiki-platform | High | 7.5 | 2022-11-23 00:00:00 | Deep Dive |
| CVE-2022-41933 | Plaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default | xwiki | xwiki-platform | Medium | 6.2 | 2022-11-23 00:00:00 | Deep Dive |
| CVE-2022-41934 | Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-menu-ui | xwiki | xwiki-platform | Critical | 9.9 | 2022-11-23 00:00:00 | Deep Dive |
| CVE-2022-41935 | Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui | xwiki | xwiki-platform | Medium | 5.3 | 2022-11-23 00:00:00 | Deep Dive |
| CVE-2022-41936 | Exposure of Private Personal Information to an Unauthorized Actor in xwiki-platform-rest-server | xwiki | xwiki-platform | Medium | 5.3 | 2022-11-22 00:00:00 | Deep Dive |