Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 8 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2024-31996 XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution xwikixwiki-commons Critical 10.0 2024-04-10 20:46:20 Deep Dive
CVE-2023-36471 HTML sanitizer allows form elements in restricted in org.xwiki.commons:xwiki-commons-xml xwikixwiki-commons Critical 9.0 2023-06-29 19:44:27 Deep Dive
CVE-2023-31126 Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml xwikixwiki-commons Critical 9.0 2023-05-09 12:54:00 Deep Dive
CVE-2023-29528 Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml xwikixwiki-commons Critical 9.0 2023-04-20 17:08:50 Deep Dive
CVE-2023-29201 org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability xwikixwiki-commons Critical 9.0 2023-04-15 14:24:59 Deep Dive
CVE-2023-26055 XWiki Commons may allow privilege escalation to programming rights via user's first name xwikixwiki-commons Critical 9.9 2023-03-02 18:48:16 Deep Dive
CVE-2022-24897 Arbitrary filesystem write access from Velocity xwikixwiki-commons High 7.5 2022-05-02 21:49:17 Deep Dive
CVE-2022-24898 Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml xwikixwiki-commons Medium 4.9 2022-04-28 19:35:10 Deep Dive