xwiki-platform — Vulnerabilities & Security Advisories 227

All 227 CVE vulnerabilities found in xwiki-platform, with AI-generated Chinese analysis, references, and POCs.

Vendor: xwiki

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-31986 | XWiki Platform CSRF remote code execution through scheduler job's document reference | CWE-352 | 9.1 | Critical | 2024-04-10 |
| CVE-2024-31985 | XWiki Platform CSRF in the job scheduler | CWE-352 | 5.4 | Medium | 2024-04-10 |
| CVE-2024-31984 | XWiki Platform: Remote code execution through space title and Solr space facet | CWE-95 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31983 | XWiki Platform: Remote code execution from edit in multilingual wikis via translations | CWE-862 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31982 | XWiki Platform: Remote code execution as guest via DatabaseSearch | CWE-95 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31981 | XWiki Platform: Privilege escalation (PR) from user registration through PDFClass | CWE-862 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31465 | XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet | CWE-95 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31464 | XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted | CWE-200 | 6.8 | Medium | 2024-04-10 |
| CVE-2024-21648 | XWiki has no right protection on rollback action | CWE-274 | 8.0 | High | 2024-01-08 |
| CVE-2024-21651 | XWiki Denial of Service attack through attachments | CWE-400 | 7.5 | High | 2024-01-08 |
| CVE-2024-21650 | XWiki Remote Code Execution vulnerability via user registration | CWE-95 | 10.0 | Critical | 2024-01-08 |
| CVE-2023-50732 | Velocity execution without script right through tree macro | CWE-863 | 8.3 | High | 2023-12-21 |
| CVE-2023-50723 | XWiki Platform remote code execution/programming rights with configuration section from any user account | CWE-95 | 10.0 | Critical | 2023-12-15 |
| CVE-2023-50722 | XWiki Platform XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass | CWE-79 | 9.7 | Critical | 2023-12-15 |
| CVE-2023-50721 | XWiki Platform RCE from account through SearchAdmin | CWE-95 | 10.0 | Critical | 2023-12-15 |
| CVE-2023-50719 | XWiki Platform Solr search discloses password hashes of all users | CWE-359 | 7.5 | High | 2023-12-15 |
| CVE-2023-50720 | XWiki Platform Solr search discloses email addresses of users | CWE-200 | 5.3 | Medium | 2023-12-15 |
| CVE-2023-48241 | XWiki exposed whole content of all documents of all wikis to anybody with view right on Solr suggest service | CWE-285 | 7.5 | High | 2023-11-20 |
| CVE-2023-48240 | XWiki Platform sends cookies to external images in rendered diff and is vulnerable to server side request forgery | CWE-201 | 9.1 | Critical | 2023-11-20 |
| CVE-2023-46243 | Code execution via the edit action in XWiki platform | CWE-94 | 10.0 | Critical | 2023-11-07 |
| CVE-2023-46242 | Code injection in XWiki Platform | CWE-94 | 9.7 | Critical | 2023-11-07 |
| CVE-2023-46244 | Privilege escalation in Xwiki platform | CWE-863 | 9.1 | Critical | 2023-11-07 |
| CVE-2023-46731 | Remote code execution through the section parameter in Administration as guest in XWiki Platform | CWE-94 | 10.0 | Critical | 2023-11-06 |
| CVE-2023-46732 | Reflected Cross-site scripting through revision parameter in content menu in XWiki Platform | CWE-79 | 9.7 | Critical | 2023-11-06 |
| CVE-2023-45137 | XWiki Platform XSS with edit right in the create document form for existing pages | CWE-79 | 9.1 | Critical | 2023-10-25 |
| CVE-2023-45136 | XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled | CWE-79 | 9.7 | Critical | 2023-10-25 |
| CVE-2023-45135 | XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title | CWE-116 | 9.1 | Critical | 2023-10-25 |
| CVE-2023-45134 | XWiki Platform XSS vulnerability from account in the create page form via template provider | CWE-79 | 9.1 | Critical | 2023-10-25 |
| CVE-2023-37913 | org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter | CWE-23 | 10.0 | Critical | 2023-10-25 |
| CVE-2023-37911 | org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents | CWE-668 | 6.5 | Medium | 2023-10-25 |

All 227 known CVE vulnerabilities affecting xwiki-platform with full Chinese analysis, references, and POCs where available.