| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2023-35156 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template | xwiki | xwiki-platform | Critical | 9.6 | 2023-06-23 18:19:57 |
| CVE-2023-35155 | XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email | xwiki | xwiki-platform | High | 8.8 | 2023-06-23 18:15:05 |
| CVE-2023-35153 | XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters | xwiki | xwiki-platform | Critical | 9.0 | 2023-06-23 17:19:59 |
| CVE-2023-35152 | XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults | xwiki | xwiki-platform | Critical | 9.9 | 2023-06-23 16:41:51 |
| CVE-2023-35151 | XWiki Platform may show email addresses in clear in REST results | xwiki | xwiki-platform | High | 7.5 | 2023-06-23 16:33:01 |
| CVE-2023-35150 | XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application | xwiki | xwiki-platform | Critical | 9.9 | 2023-06-23 16:26:55 |
| CVE-2023-34467 | XWiki Platform may retrieve email addresses of all users | xwiki | xwiki-platform | High | 7.5 | 2023-06-23 16:20:51 |
| CVE-2023-34466 | XWiki Platform's tags on non-viewable pages can be revealed to users | xwiki | xwiki-platform | Medium | 4.3 | 2023-06-23 15:26:11 |
| CVE-2023-34465 | XWiki Platform's Mail.MailConfig can be edited by any user with edit rights | xwiki | xwiki-platform | Critical | 9.9 | 2023-06-23 15:08:00 |
| CVE-2023-34464 | XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template | xwiki | xwiki-platform | Critical | 9.0 | 2023-06-23 14:44:47 |
| CVE-2023-35166 | Privilege escalation (PR) from account through TipsPanel | xwiki | xwiki-platform | Critical | 9.9 | 2023-06-20 19:29:52 |
| CVE-2023-32068 | URL Redirection to Untrusted Site in XWiki | xwiki | xwiki-platform | Medium | 4.7 | 2023-05-15 20:53:09 |
| CVE-2023-32070 | Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers | xwiki | xwiki-rendering | Critical | 9.0 | 2023-05-10 17:18:07 |
| CVE-2023-32071 | XWiki Platform vulnerable to RXSS via editor parameter - importinline template | xwiki | xwiki-platform | Critical | 9.0 | 2023-05-09 15:42:16 |
| CVE-2023-32069 | XWiki Platform privilege escalation (PR)/RCE from account through class sheet | xwiki | xwiki-platform | Critical | 9.9 | 2023-05-09 15:32:00 |
| CVE-2023-31126 | Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml | xwiki | xwiki-commons | Critical | 9.0 | 2023-05-09 12:54:00 |
| CVE-2023-29528 | Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml | xwiki | xwiki-commons | Critical | 9.0 | 2023-04-20 17:08:50 |
| CVE-2023-29517 | Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer | xwiki | xwiki-platform | High | 7.5 | 2023-04-18 23:54:13 |
| CVE-2023-29516 | Code injection from view right on XWiki.AttachmentSelector in xwiki-platform | xwiki | xwiki-platform | Critical | 9.9 | 2023-04-18 23:51:59 |
| CVE-2023-29515 | Cross-site scripting (XSS) in xwiki-platform | xwiki | xwiki-platform | High | 7.7 | 2023-04-18 23:50:17 |