xwiki-platform — Vulnerabilities & Security Advisories 227

All 227 CVE vulnerabilities found in xwiki-platform, with AI-generated Chinese analysis, references, and POCs.

Vendor: xwiki

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-37910 | org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move | CWE-862 | 8.1 | High | 2023-10-25 |
| CVE-2023-37909 | Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet | CWE-95 | 10.0 | Critical | 2023-10-25 |
| CVE-2023-41046 | Velocity execution without script rights in Xwiki platform | CWE-862 | 6.3 | Medium | 2023-09-01 |
| CVE-2023-40573 | XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution | CWE-284 | 9.1 | Critical | 2023-08-24 |
| CVE-2023-40572 | XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action | CWE-352 | 9.1 | Critical | 2023-08-24 |
| CVE-2023-40177 | XWiki Platform privilege escalation (PR) from account through AWM content fields | CWE-95 | 9.9 | Critical | 2023-08-23 |
| CVE-2023-40176 | SXSS in the user profile via the timezone displayer | CWE-79 | 9.1 | Critical | 2023-08-23 |
| CVE-2023-37914 | Privilege escalation (PR)/RCE from account through Invitation subject/message | CWE-94 | 9.9 | Critical | 2023-08-17 |
| CVE-2023-38509 | XWiki Platform's obfuscated email addresses should not be sorted | CWE-402 | 4.3 | Medium | 2023-07-27 |
| CVE-2023-37462 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-skin-ui | CWE-74 | 10.0 | Critical | 2023-07-14 |
| CVE-2023-37277 | XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API | CWE-352 | 9.7 | Critical | 2023-07-10 |
| CVE-2023-36477 | Persistent Cross-site Scripting (XSS) through CKEditor Configuration pages in XWiki Platform | CWE-79 | 9.1 | Critical | 2023-06-30 |
| CVE-2023-36468 | Upgrading doesn't prevent exploiting vulnerable XWiki documents | CWE-459 | 10.0 | Critical | 2023-06-29 |
| CVE-2023-36469 | Code injection through NotificationRSSService in XWiki Platform | CWE-74 | 10.0 | Critical | 2023-06-29 |
| CVE-2023-36470 | Code injection in icon themes of XWiki Platform | CWE-74 | 10.0 | Critical | 2023-06-29 |
| CVE-2023-35162 | XPlatform Wiki vulnerable to cross-site scripting via xcontinue parameter in preview actions template | CWE-79 | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35161 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page | CWE-87 | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35160 | XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template | CWE-87 | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35159 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template | CWE-87 | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35158 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template | CWE-87 | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35157 | XWiki Platform vulnerable to reflected cross-site scripting via delattachment action | CWE-80 | 8.5 | High | 2023-06-23 |
| CVE-2023-35156 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template | CWE-87 | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35155 | XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email | CWE-79 | 8.8 | High | 2023-06-23 |
| CVE-2023-35153 | XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters | CWE-79 | 9.1 | Critical | 2023-06-23 |
| CVE-2023-35152 | XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults | CWE-95 | 10.0 | Critical | 2023-06-23 |
| CVE-2023-35151 | XWiki Platform may show email addresses in clear in REST results | CWE-359 | 7.5 | High | 2023-06-23 |
| CVE-2023-35150 | XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application | CWE-95 | 9.9 | Critical | 2023-06-23 |
| CVE-2023-34467 | XWiki Platform may retrieve email addresses of all users | CWE-402 | 7.5 | High | 2023-06-23 |
| CVE-2023-34466 | XWiki Platform's tags on non-viewable pages can be revealed to users | CWE-200 | 4.3 | Medium | 2023-06-23 |
| CVE-2023-34465 | XWiki Platform's Mail.MailConfig can be edited by any user with edit rights | CWE-269 | 10.0 | Critical | 2023-06-23 |
