| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-41046 | Velocity execution without script rights in Xwiki platform | xwiki | xwiki-platform | Medium | 6.3 | 2023-09-01 19:59:23 | Deep Dive |
| CVE-2023-40573 | XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution | xwiki | xwiki-platform | Critical | 9.0 | 2023-08-24 01:31:14 | Deep Dive |
| CVE-2023-40572 | XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action | xwiki | xwiki-platform | Critical | 9.0 | 2023-08-24 01:15:33 | Deep Dive |
| CVE-2023-40177 | XWiki Platform privilege escalation (PR) from account through AWM content fields | xwiki | xwiki-platform | Critical | 9.9 | 2023-08-23 20:11:45 | Deep Dive |
| CVE-2023-40176 | SXSS in the user profile via the timezone displayer | xwiki | xwiki-platform | Critical | 9.0 | 2023-08-23 19:33:15 | Deep Dive |
| CVE-2023-37914 | Privilege escalation (PR)/RCE from account through Invitation subject/message | xwiki | xwiki-platform | Critical | 9.9 | 2023-08-17 17:21:24 | Deep Dive |
| CVE-2023-38509 | XWiki Platform's obfuscated email addresses should not be sorted | xwiki | xwiki-platform | Medium | 4.3 | 2023-07-27 18:53:31 | Deep Dive |
| CVE-2023-37462 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-skin-ui | xwiki | xwiki-platform | Critical | 9.9 | 2023-07-14 20:39:06 | Deep Dive |
| CVE-2023-37277 | XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API | xwiki | xwiki-platform | Critical | 9.6 | 2023-07-10 16:11:14 | Deep Dive |
| CVE-2023-36477 | Persistent Cross-site Scripting (XSS) through CKEditor Configuration pages in XWiki Platform | xwiki | xwiki-platform | Critical | 9.0 | 2023-06-30 18:57:38 | Deep Dive |
| CVE-2023-36468 | Upgrading doesn't prevent exploiting vulnerable XWiki documents | xwiki | xwiki-platform | Critical | 9.9 | 2023-06-29 20:44:34 | Deep Dive |
| CVE-2023-36469 | Code injection through NotificationRSSService in XWiki Platform | xwiki | xwiki-platform | Critical | 9.9 | 2023-06-29 20:38:53 | Deep Dive |
| CVE-2023-36470 | Code injection in icon themes of XWiki Platform | xwiki | xwiki-platform | Critical | 9.9 | 2023-06-29 20:31:54 | Deep Dive |
| CVE-2023-36471 | HTML sanitizer allows form elements in restricted in org.xwiki.commons:xwiki-commons-xml | xwiki | xwiki-commons | Critical | 9.0 | 2023-06-29 19:44:27 | Deep Dive |
| CVE-2023-35162 | XPlatform Wiki vulnerable to cross-site scripting via xcontinue parameter in preview actions template | xwiki | xwiki-platform | Critical | 9.6 | 2023-06-23 18:52:20 | Deep Dive |
| CVE-2023-35161 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page | xwiki | xwiki-platform | Critical | 9.6 | 2023-06-23 18:51:46 | Deep Dive |
| CVE-2023-35160 | XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template | xwiki | xwiki-platform | Critical | 9.6 | 2023-06-23 18:48:18 | Deep Dive |
| CVE-2023-35159 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template | xwiki | xwiki-platform | Critical | 9.6 | 2023-06-23 18:34:18 | Deep Dive |
| CVE-2023-35158 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template | xwiki | xwiki-platform | Critical | 9.6 | 2023-06-23 18:26:37 | Deep Dive |
| CVE-2023-35157 | XWiki Platform vulnerable to reflected cross-site scripting via delattachment action | xwiki | xwiki-platform | High | 8.4 | 2023-06-23 18:22:55 | Deep Dive |