
xwiki-platform — Vulnerabilities & Security Advisories 228

All 228 CVE vulnerabilities found in xwiki-platform, with AI-generated Chinese analysis, references, and POCs.

This page aggregates the publicly disclosed CVEs affecting XWiki Platform (vendor: xwiki). Each entry carries the CVE ID, the advisory title, the CWE weakness class, the CVSS score with its severity band, and the publication date. Grouping the entries by CWE shows which weakness classes recur in the platform (for example, code and eval injection reachable from an ordinary account, CWE-94 and CWE-95, and reflected or stored cross-site scripting, CWE-79 and CWE-87), and sorting them by date shows how advisories cluster around individual release cycles. Developers, security auditors and system administrators can use the list to prioritise patching, to check whether a deployed version is exposed to a weakness class that keeps reappearing, and to put a single report into the context of the vendor's remediation history. Note that the CVSS score alone does not capture exploitability in a given deployment: several of the listed privilege-escalation entries are exploitable "from account", i.e. by any ordinary user, so the practical risk depends on who can obtain an account on that instance.

Vendor: xwiki

CVE ID | Title | CWE | CVSS | Severity | Published
---|---|---|---|---|---
CVE-2023-37911 | org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents | CWE-668 | 6.5 | Medium | 2023-10-25
CVE-2023-37910 | org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move | CWE-862 | 8.1 | High | 2023-10-25
CVE-2023-37909 | Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet | CWE-95 | 10.0 | Critical | 2023-10-25
CVE-2023-41046 | Velocity execution without script rights in XWiki Platform | CWE-862 | 6.3 | Medium | 2023-09-01
CVE-2023-40573 | XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution | CWE-284 | 9.1 | Critical | 2023-08-24
CVE-2023-40572 | XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action | CWE-352 | 9.1 | Critical | 2023-08-24
CVE-2023-40177 | XWiki Platform privilege escalation (PR) from account through AWM content fields | CWE-95 | 9.9 | Critical | 2023-08-23
CVE-2023-40176 | SXSS in the user profile via the timezone displayer | CWE-79 | 9.1 | Critical | 2023-08-23
CVE-2023-37914 | Privilege escalation (PR)/RCE from account through Invitation subject/message | CWE-94 | 9.9 | Critical | 2023-08-17
CVE-2023-38509 | XWiki Platform's obfuscated email addresses should not be sorted | CWE-402 | 4.3 | Medium | 2023-07-27
CVE-2023-37462 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-skin-ui | CWE-74 | 10.0 | Critical | 2023-07-14
CVE-2023-37277 | XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API | CWE-352 | 9.7 | Critical | 2023-07-10
CVE-2023-36477 | Persistent Cross-site Scripting (XSS) through CKEditor Configuration pages in XWiki Platform | CWE-79 | 9.1 | Critical | 2023-06-30
CVE-2023-36468 | Upgrading doesn't prevent exploiting vulnerable XWiki documents | CWE-459 | 10.0 | Critical | 2023-06-29
CVE-2023-36469 | Code injection through NotificationRSSService in XWiki Platform | CWE-74 | 10.0 | Critical | 2023-06-29
CVE-2023-36470 | Code injection in icon themes of XWiki Platform | CWE-74 | 10.0 | Critical | 2023-06-29
CVE-2023-35162 | XWiki Platform vulnerable to cross-site scripting via xcontinue parameter in preview actions template | CWE-79 | 9.7 | Critical | 2023-06-23
CVE-2023-35161 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page | CWE-87 | 9.7 | Critical | 2023-06-23
CVE-2023-35160 | XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template | CWE-87 | 9.7 | Critical | 2023-06-23
CVE-2023-35159 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template | CWE-87 | 9.7 | Critical | 2023-06-23
CVE-2023-35158 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template | CWE-87 | 9.7 | Critical | 2023-06-23
CVE-2023-35157 | XWiki Platform vulnerable to reflected cross-site scripting via delattachment action | CWE-80 | 8.5 | High | 2023-06-23
CVE-2023-35156 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template | CWE-87 | 9.7 | Critical | 2023-06-23
CVE-2023-35155 | XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email | CWE-79 | 8.8 | High | 2023-06-23
CVE-2023-35153 | XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters | CWE-79 | 9.1 | Critical | 2023-06-23
CVE-2023-35152 | XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults | CWE-95 | 10.0 | Critical | 2023-06-23
CVE-2023-35151 | XWiki Platform may show email addresses in clear in REST results | CWE-359 | 7.5 | High | 2023-06-23
CVE-2023-35150 | XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application | CWE-95 | 9.9 | Critical | 2023-06-23
CVE-2023-34467 | XWiki Platform may retrieve email addresses of all users | CWE-402 | 7.5 | High | 2023-06-23
CVE-2023-34466 | XWiki Platform's tags on non-viewable pages can be revealed to users | CWE-200 | 4.3 | Medium | 2023-06-23
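The kind of correlation the introduction describes (grouping advisories by CWE, counting severity bands, ordering the high-scoring entries by publication date) is easy to automate once the rows are parsed. The script below is an added example written for this page; it is not code from the page's author or from the XWiki project. It parses rows in the flattened layout the table above was extracted in (CVE ID, title, CWE, CVSS, severity band run straight into the date), then summarises them. The regex, the `Advisory` record and all function names are this example's own; the six sample rows are copied from the table above and are only a slice of the full list.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import date

# Row layout of the advisory table on this page, as extraction flattened it:
#   "<CVE id> <title> <CWE id> <CVSS score> <severity><published YYYY-MM-DD>"
# Note the severity band and the date are run together ("Critical2023-10-25").
# The title is matched lazily so the CWE/CVSS/severity/date tail must still
# match at the end of the line; a title that itself mentions "CWE-79" is fine.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<title>.+?)\s+"
    r"(?P<cwe>CWE-\d+)\s+"
    r"(?P<cvss>\d{1,2}\.\d)\s+"
    r"(?P<severity>Critical|High|Medium|Low)"
    r"(?P<published>\d{4}-\d{2}-\d{2})$"
)


@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    cwe: str
    cvss: float
    severity: str
    published: date


def is_advisory_row(line: str) -> bool:
    """True when the line has the expected layout (used to spot extraction damage)."""
    return ROW_RE.match(line.strip()) is not None


def parse_row(line: str) -> Advisory:
    """Parse one flattened table row; raise ValueError on anything else."""
    m = ROW_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised advisory row: {line!r}")
    return Advisory(
        cve=m["cve"],
        title=m["title"],
        cwe=m["cwe"],
        cvss=float(m["cvss"]),
        severity=m["severity"],
        published=date.fromisoformat(m["published"]),
    )


def parse_rows(text: str) -> list[Advisory]:
    """Parse every non-blank line of a pasted table, failing loudly on a bad row."""
    return [parse_row(line) for line in text.splitlines() if line.strip()]


def cwe_histogram(advisories: list[Advisory]) -> list[tuple[str, int]]:
    """Weakness classes ordered by how often they recur, most frequent first."""
    return Counter(a.cwe for a in advisories).most_common()


def severity_counts(advisories: list[Advisory]) -> dict[str, int]:
    """How many entries fall into each severity band."""
    return dict(Counter(a.severity for a in advisories))


def patch_priority(advisories: list[Advisory], min_cvss: float = 9.0) -> list[str]:
    """CVE IDs scoring at least min_cvss, newest advisory first (ties broken by ID)."""
    hot = [a for a in advisories if a.cvss >= min_cvss]
    hot.sort(key=lambda a: (a.published, a.cve), reverse=True)
    return [a.cve for a in hot]


# Six rows copied verbatim from the table on this page (a sample, not the full list).
SAMPLE_ROWS = """\
CVE-2023-37911 org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents CWE-668 6.5 Medium2023-10-25
CVE-2023-37909 Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet CWE-95 10.0 Critical2023-10-25
CVE-2023-40572 XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action CWE-352 9.1 Critical2023-08-24
CVE-2023-40176 SXSS in the user profile via the timezone displayer CWE-79 9.1 Critical2023-08-23
CVE-2023-36477 Persistent Cross-site Scripting (XSS) through CKEditor Configuration pages in XWiki Platform CWE-79 9.1 Critical2023-06-30
CVE-2023-34466 XWiki Platform's tags on non-viewable pages can be revealed to users CWE-200 4.3 Medium2023-06-23
"""


def summarise(text: str = SAMPLE_ROWS) -> dict:
    """Parse a pasted table and return the three views a triage pass needs."""
    advisories = parse_rows(text)
    return {
        "count": len(advisories),
        "by_cwe": cwe_histogram(advisories),
        "by_severity": severity_counts(advisories),
        "patch_first": patch_priority(advisories),
    }


if __name__ == "__main__":
    for key, value in summarise().items():
        print(f"{key}: {value}")
```

Paste the whole table into `SAMPLE_ROWS` (or read it from a file and pass it to `summarise`) to get the per-CWE histogram for all 228 entries; `is_advisory_row` is useful first, to list any lines the extraction mangled before the strict parser rejects them.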
