| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2023-48293 | XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries | xwiki-contrib | application-admintools | High | 8.8 | 2023-11-20 18:14:09 |
| CVE-2023-48292 | XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks | xwiki-contrib | application-admintools | Critical | 9.6 | 2023-11-20 18:02:43 |
| CVE-2023-48241 | XWiki exposed whole content of all documents of all wikis to anybody with view right on Solr suggest service | xwiki | xwiki-platform | High | 7.5 | 2023-11-20 17:58:55 |
| CVE-2023-48240 | XWiki Platform sends cookies to external images in rendered diff and is vulnerable to server side request forgery | xwiki | xwiki-platform | Critical | 9.0 | 2023-11-20 17:48:03 |
| CVE-2023-46243 | Code execution via the edit action in XWiki platform | xwiki | xwiki-platform | Critical | 9.9 | 2023-11-07 19:10:46 |
| CVE-2023-46242 | Code injection in XWiki Platform | xwiki | xwiki-platform | Critical | 9.6 | 2023-11-07 19:08:09 |
| CVE-2023-46244 | Privilege escalation in Xwiki platform | xwiki | xwiki-platform | Critical | 9.1 | 2023-11-07 19:04:45 |
| CVE-2023-46731 | Remote code execution through the section parameter in Administration as guest in XWiki Platform | xwiki | xwiki-platform | Critical | 10.0 | 2023-11-06 18:47:49 |
| CVE-2023-46732 | Reflected Cross-site scripting through revision parameter in content menu in XWiki Platform | xwiki | xwiki-platform | Critical | 9.6 | 2023-11-06 18:45:04 |
| CVE-2023-45137 | XWiki Platform XSS with edit right in the create document form for existing pages | xwiki | xwiki-platform | Critical | 9.0 | 2023-10-25 20:13:23 |
| CVE-2023-45136 | XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled | xwiki | xwiki-platform | Critical | 9.6 | 2023-10-25 19:36:27 |
| CVE-2023-45135 | XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title | xwiki | xwiki-platform | Critical | 9.0 | 2023-10-25 19:29:05 |
| CVE-2023-45134 | XWiki Platform XSS vulnerability from account in the create page form via template provider | xwiki | xwiki-platform | Critical | 9.0 | 2023-10-25 19:08:33 |
| CVE-2023-37913 | org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter | xwiki | xwiki-platform | Critical | 9.9 | 2023-10-25 17:59:46 |
| CVE-2023-37912 | XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro | xwiki | xwiki-rendering | Critical | 9.9 | 2023-10-25 17:33:55 |
| CVE-2023-37911 | org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents | xwiki | xwiki-platform | Medium | 6.5 | 2023-10-25 17:19:46 |
| CVE-2023-37910 | org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move | xwiki | xwiki-platform | High | 8.1 | 2023-10-25 17:17:24 |
| CVE-2023-37909 | Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet | xwiki | xwiki-platform | Critical | 9.9 | 2023-10-25 17:09:59 |
| CVE-2023-37908 | org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability | xwiki | xwiki-rendering | Critical | 9.0 | 2023-10-25 16:53:26 |
| CVE-2023-45138 | Change Request Application vulnerable to XSS and remote code execution through change request title | xwiki-contrib | application-changerequest | Critical | 10.0 | 2023-10-12 16:22:10 |