| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-46243 | Code execution via the edit action in XWiki platform | xwiki | xwiki-platform | Critical | 9.9 | 2023-11-07 19:10:46 | Deep Dive |
| CVE-2023-46242 | Code injection in XWiki Platform | xwiki | xwiki-platform | Critical | 9.6 | 2023-11-07 19:08:09 | Deep Dive |
| CVE-2023-46244 | Privilege escalation in XWiki platform | xwiki | xwiki-platform | Critical | 9.1 | 2023-11-07 19:04:45 | Deep Dive |
| CVE-2023-46731 | Remote code execution through the section parameter in Administration as guest in XWiki Platform | xwiki | xwiki-platform | Critical | 10.0 | 2023-11-06 18:47:49 | Deep Dive |
| CVE-2023-46732 | Reflected Cross-site scripting through revision parameter in content menu in XWiki Platform | xwiki | xwiki-platform | Critical | 9.6 | 2023-11-06 18:45:04 | Deep Dive |
| CVE-2023-45137 | XWiki Platform XSS with edit right in the create document form for existing pages | xwiki | xwiki-platform | Critical | 9.0 | 2023-10-25 20:13:23 | Deep Dive |
| CVE-2023-45136 | XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled | xwiki | xwiki-platform | Critical | 9.6 | 2023-10-25 19:36:27 | Deep Dive |
| CVE-2023-45135 | XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title | xwiki | xwiki-platform | Critical | 9.0 | 2023-10-25 19:29:05 | Deep Dive |
| CVE-2023-45134 | XWiki Platform XSS vulnerability from account in the create page form via template provider | xwiki | xwiki-platform | Critical | 9.0 | 2023-10-25 19:08:33 | Deep Dive |
| CVE-2023-37913 | org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter | xwiki | xwiki-platform | Critical | 9.9 | 2023-10-25 17:59:46 | Deep Dive |
| CVE-2023-37911 | org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents | xwiki | xwiki-platform | Medium | 6.5 | 2023-10-25 17:19:46 | Deep Dive |
| CVE-2023-37910 | org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move | xwiki | xwiki-platform | High | 8.1 | 2023-10-25 17:17:24 | Deep Dive |
| CVE-2023-37909 | Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet | xwiki | xwiki-platform | Critical | 9.9 | 2023-10-25 17:09:59 | Deep Dive |
| CVE-2023-41046 | Velocity execution without script rights in XWiki platform | xwiki | xwiki-platform | Medium | 6.3 | 2023-09-01 19:59:23 | Deep Dive |
| CVE-2023-40573 | XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution | xwiki | xwiki-platform | Critical | 9.0 | 2023-08-24 01:31:14 | Deep Dive |
| CVE-2023-40572 | XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action | xwiki | xwiki-platform | Critical | 9.0 | 2023-08-24 01:15:33 | Deep Dive |
| CVE-2023-40177 | XWiki Platform privilege escalation (PR) from account through AWM content fields | xwiki | xwiki-platform | Critical | 9.9 | 2023-08-23 20:11:45 | Deep Dive |
| CVE-2023-40176 | SXSS in the user profile via the timezone displayer | xwiki | xwiki-platform | Critical | 9.0 | 2023-08-23 19:33:15 | Deep Dive |
| CVE-2023-37914 | Privilege escalation (PR)/RCE from account through Invitation subject/message | xwiki | xwiki-platform | Critical | 9.9 | 2023-08-17 17:21:24 | Deep Dive |
| CVE-2023-38509 | XWiki Platform's obfuscated email addresses should not be sorted | xwiki | xwiki-platform | Medium | 4.3 | 2023-07-27 18:53:31 | Deep Dive |