| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-29203 | Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm | xwiki | xwiki-platform | Low | 3.7 | 2023-04-15 15:17:47 | Deep Dive |
| CVE-2023-29202 | org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability | xwiki | xwiki-platform | Critical | 9.0 | 2023-04-15 14:28:44 | Deep Dive |
| CVE-2023-27480 | Data leak through a XAR import XXE attack in xwiki-platform-xar-model | xwiki | xwiki-platform | High | 7.7 | 2023-03-07 18:13:40 | Deep Dive |
| CVE-2023-27479 | Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-panels-ui | xwiki | xwiki-platform | Critical | 9.9 | 2023-03-07 18:09:18 | Deep Dive |
| CVE-2023-26056 | XWiki Platform allows macro execution as any user without programming rights through the context macro | xwiki | xwiki-platform | Medium | 5.4 | 2023-03-02 18:44:00 | Deep Dive |
| CVE-2023-26470 | In XWiki Platform, saving a document with a large object number leads to persistent OOM errors | xwiki | xwiki-platform | Medium | 5.7 | 2023-03-02 18:37:24 | Deep Dive |
| CVE-2023-26471 | XWiki Platform users may execute anything with superadmin right through comments and async macro | xwiki | xwiki-platform | Critical | 9.9 | 2023-03-02 18:28:52 | Deep Dive |
| CVE-2023-26472 | XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile | xwiki | xwiki-platform | Critical | 9.9 | 2023-03-02 18:25:06 | Deep Dive |
| CVE-2023-26473 | XWiki Platform allows unprivileged users to make arbitrary select queries using DatabaseListProperty and suggest.vm | xwiki | xwiki-platform | Medium | 6.5 | 2023-03-02 18:17:09 | Deep Dive |
| CVE-2023-26474 | XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author | xwiki | xwiki-platform | Critical | 9.9 | 2023-03-02 18:12:16 | Deep Dive |
| CVE-2023-26475 | XWiki Platform vulnerable to Remote Code Execution in Annotations | xwiki | xwiki-platform | Critical | 9.9 | 2023-03-02 18:07:04 | Deep Dive |
| CVE-2023-26476 | Two XWiki Platform UIs Expose Sensitive Information to an Unauthorized Actor | xwiki | xwiki-platform | High | 7.5 | 2023-03-02 18:02:20 | Deep Dive |
| CVE-2023-26477 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability | xwiki | xwiki-platform | Critical | 10.0 | 2023-03-02 17:52:40 | Deep Dive |
| CVE-2023-26478 | org.xwiki.platform:xwiki-platform-store-filesystem-oldcore has Exposed Dangerous Method or Function | xwiki | xwiki-platform | Medium | 6.6 | 2023-03-02 17:46:15 | Deep Dive |
| CVE-2023-26479 | org.xwiki.platform:xwiki-platform-rendering-parser vulnerable to Improper Handling of Exceptional Conditions | xwiki | xwiki-platform | Medium | 6.5 | 2023-03-02 17:20:19 | Deep Dive |
| CVE-2023-26480 | XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data | xwiki | xwiki-platform | High | 8.9 | 2023-03-02 17:09:19 | Deep Dive |
| CVE-2022-41927 | XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags | xwiki | xwiki-platform | High | 7.4 | 2022-11-23 00:00:00 | Deep Dive |
| CVE-2022-41928 | XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml | xwiki | xwiki-platform | Critical | 9.9 | 2022-11-23 00:00:00 | Deep Dive |
| CVE-2022-41929 | Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore | xwiki | xwiki-platform | Medium | 4.9 | 2022-11-23 00:00:00 | Deep Dive |
| CVE-2022-41930 | org.xwiki.platform:xwiki-platform-user-profile-ui missing authorization to enable or disable users | xwiki | xwiki-platform | High | 7.5 | 2022-11-23 00:00:00 | Deep Dive |