xwiki-platform — Vulnerabilities & Security Advisories (227)

All 227 CVE vulnerabilities found in xwiki-platform, with AI-generated Chinese analysis, references, and POCs.

Vendor: xwiki

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-32972 | The lesscss script service allows cache clearing without programming right | CWE-285 | 2.7 | Low | 2025-04-30 |
| CVE-2025-32971 | XWiki Solr script service doesn't take dropped programming right into account | CWE-863 | 3.8 | Low | 2025-04-30 |
| CVE-2025-32970 | org.xwiki.platform:xwiki-platform-wysiwyg-api Open Redirect vulnerability | CWE-601 | 6.1 | Medium | 2025-04-30 |
| CVE-2025-32969 | org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API | CWE-89 | 9.8 | - | 2025-04-23 |
| CVE-2025-32968 | org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API | CWE-89 | 8.8 | - | 2025-04-23 |
| CVE-2025-32783 | XWiki allows unregistered users to see "public" messages from a closed wiki via notifications from a different wiki | CWE-668 | 4.7 | Medium | 2025-04-16 |
| CVE-2025-29926 | The WikiManager REST API allows any user to create wikis | CWE-285 | 8.8 | - | 2025-03-19 |
| CVE-2025-29925 | XWiki allows unregistered users to access private pages information through REST endpoint | CWE-402 | 5.3 | - | 2025-03-19 |
| CVE-2025-29924 | XWiki uses the wrong wiki reference in AuthorizationManager | CWE-269 | 6.5 | - | 2025-03-19 |
| CVE-2025-24893 | Remote code execution as guest via SolrSearchMacros request in xwiki | CWE-95 | 9.8 | Critical | 2025-02-20 |
| CVE-2025-23025 | Privilege escalation (PR) through realtime WYSIWYG editing in XWiki | CWE-862 | 9.1 | Critical | 2025-01-14 |
| CVE-2024-55879 | XWiki allows RCE from script right in configurable sections | CWE-862 | 9.1 | Critical | 2024-12-12 |
| CVE-2024-55877 | XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList | CWE-96 | 10.0 | Critical | 2024-12-12 |
| CVE-2024-55876 | XWiki's scheduler in subwiki allows scheduling operations for any main wiki user | CWE-862 | 7.1 | - | 2024-12-12 |
| CVE-2024-55663 | XWiki Platform has an SQL injection in getdocuments.vm with sort parameter | CWE-116 | 8.8 | - | 2024-12-12 |
| CVE-2024-55662 | XWiki allows remote code execution through the extension sheet | CWE-96 | 10.0 | Critical | 2024-12-12 |
| CVE-2024-46978 | Missing checks for notification filter preferences editions in XWiki Platform | CWE-648 | 6.5 | Medium | 2024-09-18 |
| CVE-2024-46979 | Data leak of notification filters of users in XWiki Platform | CWE-200 | 5.3 | Medium | 2024-09-18 |
| CVE-2024-45591 | XWiki Platform document history including authors of any page exposed to unauthorized actors | CWE-862 | 5.3 | Medium | 2024-09-10 |
| CVE-2024-43400 | XWiki Platform allows XSS through XClass name in string properties | CWE-96 | 9.1 | Critical | 2024-08-19 |
| CVE-2024-43401 | In XWiki Platform, payloads stored in content are executed when a user with script/programming right edits them | CWE-269 | 9.1 | Critical | 2024-08-19 |
| CVE-2024-41947 | XWiki Platform XSS through conflict resolution | CWE-80 | 9.1 | Critical | 2024-07-31 |
| CVE-2024-37901 | XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet | CWE-95 | 10.0 | Critical | 2024-07-31 |
| CVE-2024-37900 | XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader | CWE-96 | 6.4 | Medium | 2024-07-31 |
| CVE-2024-37898 | XWiki Platform vulnerable to document deletion and overwrite from edit | CWE-862 | 4.3 | Medium | 2024-07-31 |
| CVE-2024-38369 | XWiki programming rights may be inherited by inclusion | CWE-863 | 10.0 | Critical | 2024-06-24 |
| CVE-2024-37899 | Disabling a user account changes its author, allowing RCE from user account in XWiki | CWE-94 | 9.1 | Critical | 2024-06-20 |
| CVE-2024-31997 | XWiki Platform remote code execution from account through UIExtension parameters | CWE-862 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31988 | XWiki Platform CSRF remote code execution through the realtime HTML Converter API | CWE-352 | 9.7 | Critical | 2024-04-10 |
| CVE-2024-31987 | XWiki Platform remote code execution from account via custom skins support | CWE-862 | 10.0 | Critical | 2024-04-10 |