| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2022-24897 | Arbitrary filesystem write access from Velocity | xwiki | xwiki-commons | High | 7.5 | 2022-05-02 21:49:17 | Deep Dive |
| CVE-2022-24898 | Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml | xwiki | xwiki-commons | Medium | 4.9 | 2022-04-28 19:35:10 | Deep Dive |
| CVE-2022-24820 | Unauthenticated user can list hidden document from multiple velocity templates | xwiki | xwiki-platform | Medium | 5.3 | 2022-04-08 19:25:10 | Deep Dive |
| CVE-2022-24819 | Unauthenticated user can retrieve the list of users through uorgsuggest.vm | xwiki | xwiki-platform | Medium | 5.3 | 2022-04-08 19:20:10 | Deep Dive |
| CVE-2022-24821 | Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx | xwiki | xwiki-platform | Medium | 6.8 | 2022-04-08 18:55:10 | Deep Dive |
| CVE-2022-23622 | Cross site scripting in registration template in xwiki-platform | xwiki | xwiki-platform | High | 7.4 | 2022-02-09 21:40:10 | Deep Dive |
| CVE-2022-23621 | Missing authorization in xwiki-platform | xwiki | xwiki-platform | Medium | 5.5 | 2022-02-09 21:25:11 | Deep Dive |
| CVE-2022-23620 | Path traversal in xwiki-platform-skin-skinx | xwiki | xwiki-platform | Medium | 6.8 | 2022-02-09 21:15:12 | Deep Dive |
| CVE-2022-23619 | Information exposure in xwiki-platform | xwiki | xwiki-platform | Medium | 5.3 | 2022-02-09 21:10:11 | Deep Dive |
| CVE-2022-23618 | Open Redirect in xwiki-platform | xwiki | xwiki-platform | Medium | 4.7 | 2022-02-09 21:05:11 | Deep Dive |
| CVE-2022-23617 | Missing authorization in xwiki-platform | xwiki | xwiki-platform | Medium | 6.5 | 2022-02-09 21:00:14 | Deep Dive |
| CVE-2022-23616 | Remote code execution in xwiki-platform | xwiki | xwiki-platform | High | 8.8 | 2022-02-09 20:55:10 | Deep Dive |
| CVE-2022-23615 | Partial authorization bypass on document save in xwiki-platform | xwiki | xwiki-platform | Medium | 5.4 | 2022-02-09 20:35:11 | Deep Dive |
| CVE-2021-43841 | XSS by SVG upload in xwiki-platform | xwiki | xwiki-platform | Medium | 5.4 | 2022-02-04 22:30:14 | Deep Dive |
| CVE-2021-32732 | Cross-Site Request Forgery in xwiki-platform | xwiki | xwiki-platform | High | 7.5 | 2022-02-04 22:15:13 | Deep Dive |
| CVE-2021-32731 | The reset password form reveal users email address | xwiki | xwiki-platform | Medium | 5.3 | 2021-07-01 19:05:14 | Deep Dive |
| CVE-2021-32730 | No CSRF protection on the password change form | xwiki | xwiki-platform | Medium | 5.7 | 2021-07-01 17:30:13 | Deep Dive |
| CVE-2021-32729 | A user without PR can reset user authentication failures information | xwiki | xwiki-platform | Low | 2.0 | 2021-07-01 16:45:11 | Deep Dive |
| CVE-2021-32620 | Users registered with email verification can self re-activate their disabled accounts | xwiki | xwiki-platform | High | 8.8 | 2021-05-28 21:05:15 | Deep Dive |
| CVE-2021-32621 | Script injection without script or programming rights through Gadget titles | xwiki | xwiki-platform | High | 8.8 | 2021-05-28 21:05:11 | Deep Dive |