| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2022-41937 | Missing Authorization in XWiki Platform | xwiki | xwiki-platform | Critical | 9.6 | 2022-11-22 00:00:00 | Deep Dive |
| CVE-2022-39387 | XWiki OIDC Authenticator vulnerable to OpenID login bypass due to improper authentication | xwiki-contrib | oidc | Critical | 9.1 | 2022-11-04 00:00:00 | Deep Dive |
| CVE-2022-36100 | XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection | xwiki | xwiki-platform | Critical | 9.9 | 2022-09-08 21:10:10 | Deep Dive |
| CVE-2022-36098 | XWiki Platform Mentions UI vulnerable to Cross-site Scripting | xwiki | xwiki-platform | High | 8.9 | 2022-09-08 20:50:11 | Deep Dive |
| CVE-2022-36099 | XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability | xwiki | xwiki-platform | Critical | 9.9 | 2022-09-08 20:45:14 | Deep Dive |
| CVE-2022-36097 | XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form | xwiki | xwiki-platform | High | 8.9 | 2022-09-08 20:35:11 | Deep Dive |
| CVE-2022-36096 | XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list | xwiki | xwiki-platform | High | 8.9 | 2022-09-08 20:30:13 | Deep Dive |
| CVE-2022-36095 | XWiki Cross-Site Request Forgery (CSRF) for actions on tags | xwiki | xwiki-platform | Medium | 4.3 | 2022-09-08 20:20:13 | Deep Dive |
| CVE-2022-36094 | XWiki Platform Web Parent POM vulnerable to XSS in the attachment history | xwiki | xwiki-platform | High | 8.9 | 2022-09-08 20:10:09 | Deep Dive |
| CVE-2022-36093 | XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard | xwiki | xwiki-platform | High | 8.5 | 2022-09-08 17:25:10 | Deep Dive |
| CVE-2022-36092 | XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action | xwiki | xwiki-platform | High | 7.5 | 2022-09-08 17:15:15 | Deep Dive |
| CVE-2022-36091 | XWiki Platform Web Templates vulnerable to Missing Authorization and Exposure of Private Personal Information to an Unauthorized Actor | xwiki | xwiki-platform | High | 7.5 | 2022-09-08 16:10:09 | Deep Dive |
| CVE-2022-36090 | org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users | xwiki | xwiki-platform | High | 8.1 | 2022-09-08 14:45:13 | Deep Dive |
| CVE-2022-31166 | XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups | xwiki | xwiki-platform | High | 8.1 | 2022-09-07 14:10:12 | Deep Dive |
| CVE-2022-31167 | XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference | xwiki | xwiki-platform | High | 7.1 | 2022-09-07 13:55:11 | Deep Dive |
| CVE-2022-29258 | Cross-site Scripting in Filter Stream Converter Application in XWiki Platform | xwiki | xwiki-platform | High | 7.4 | 2022-05-31 16:45:11 | Deep Dive |
| CVE-2022-29251 | Cross-site Scripting in the Flamingo theme manager | xwiki | xwiki-platform | High | 7.4 | 2022-05-25 20:55:22 | Deep Dive |
| CVE-2022-29252 | Cross-site Scripting in XWiki Platform Wiki UI Main Wiki | xwiki | xwiki-platform | High | 7.4 | 2022-05-25 20:55:16 | Deep Dive |
| CVE-2022-29253 | Path Traversal in XWiki Platform | xwiki | xwiki-platform | Low | 2.7 | 2022-05-25 20:55:10 | Deep Dive |
| CVE-2022-29161 | Crypto script service uses hashing algorithm SHA1 with RSA for certificate signature in xwiki-platform | xwiki | xwiki-platform | Medium | 5.4 | 2022-05-05 23:35:28 | Deep Dive |