xwiki-platform — Vulnerabilities & Security Advisories (228)

All 228 CVE vulnerabilities found in xwiki-platform, with AI-generated Chinese analysis, references, and POCs.

This page presents vulnerability aggregation data for XWiki Platform, focusing on software security weaknesses and their associated tags within the vendor’s ecosystem. It collects a comprehensive range of vulnerability records, including remote code execution flaws, cross-site scripting issues, and authentication bypasses, covering all publicly disclosed security incidents from the product’s initial release through the most recent updates. By consolidating these entries, the resource allows users to effectively track the vendor’s historical advisory patterns and correlate specific CVEs with broader weakness classifications. Readers can explore how different vulnerability classes impact the platform’s architecture over time and analyze the chronology of security patches issued by XWiki. This structured overview aids developers, security auditors, and system administrators in assessing the overall risk posture of XWiki Platform deployments. Understanding the evolution of these weaknesses provides critical context for patch management strategies and helps identify persistent security concerns that may not be immediately apparent when reviewing individual reports in isolation. The data serves as a reference point for evaluating the effectiveness of past remediation efforts and anticipating potential future attack vectors based on historical trends.

Vendor: xwiki

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-34465 | XWiki Platform's Mail.MailConfig can be edited by any user with edit rights | CWE-269 | 10.0 | Critical | 2023-06-23 |
| CVE-2023-34464 | XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template | CWE-79 | 9.1 | Critical | 2023-06-23 |
| CVE-2023-35166 | Privilege escalation (PR) from account through TipsPanel | CWE-863 | 10.0 | Critical | 2023-06-20 |
| CVE-2023-32068 | URL Redirection to Untrusted Site in XWiki | CWE-601 | 4.7 | Medium | 2023-05-15 |
| CVE-2023-32071 | XWiki Platform vulnerable to RXSS via editor parameter - importinline template | CWE-116 | 9.1 | Critical | 2023-05-09 |
| CVE-2023-32069 | XWiki Platform privilege escalation (PR)/RCE from account through class sheet | CWE-863 | 10.0 | Critical | 2023-05-09 |
| CVE-2023-29517 | Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer | CWE-200 | 7.5 | High | 2023-04-18 |
| CVE-2023-29516 | Code injection from view right on XWiki.AttachmentSelector in xwiki-platform | CWE-74 | 9.9 | Critical | 2023-04-18 |
| CVE-2023-29515 | Cross-site scripting (XSS) in xwiki-platform | CWE-79 | 7.7 | High | 2023-04-18 |
| CVE-2023-29514 | Code injection in template provider administration in xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29513 | Users can be created even when registration is disabled without validation via the template macro in xwiki-platform | CWE-284 | 5.0 | Medium | 2023-04-18 |
| CVE-2023-29512 | Code injection in xwiki-platform-web-templates | CWE-74 | 9.9 | Critical | 2023-04-18 |
| CVE-2023-29510 | Code injection via unescaped translations in xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29522 | Code injection from view right on XWiki.ClassSheet in xwiki-platform | CWE-74 | 9.9 | Critical | 2023-04-18 |
| CVE-2023-29521 | Code injection from account/view through VFS Tree macro in xwiki-platform | CWE-74 | 8.4 | High | 2023-04-18 |
| CVE-2023-29520 | Page render failure due to broken translations in xwiki-platform | CWE-248 | 4.3 | Medium | 2023-04-18 |
| CVE-2023-29519 | Code injection in org.xwiki.platform:xwiki-platform-attachment-ui | CWE-74 | 9.1 | Critical | 2023-04-18 |
| CVE-2023-29518 | Code injection from view right using Invitation.InvitationCommon in xwiki-platform | CWE-74 | 9.9 | Critical | 2023-04-18 |
| CVE-2023-29523 | Code injection in display method used in user profiles in xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29524 | Code injection from account through XWiki.SchedulerJobSheet in xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29525 | Privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration in xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29526 | Async and display macro allow displaying and interacting with any document in restricted mode | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29527 | Code injection from account through AWM view sheet in xwiki platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29213 | org.xwiki.platform:xwiki-platform-logging-ui Injection vulnerability | CWE-74 | 9.1 | Critical | 2023-04-17 |
| CVE-2023-29511 | xwiki-platform-administration-ui vulnerable to privilege escalation | CWE-95 | 9.9 | Critical | 2023-04-16 |
| CVE-2023-30537 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation | CWE-95 | 9.9 | Critical | 2023-04-16 |
| CVE-2023-29509 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability | CWE-95 | 10.0 | Critical | 2023-04-16 |
| CVE-2023-29508 | org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Cross-site Scripting | CWE-80 | 8.9 | High | 2023-04-16 |
| CVE-2023-29507 | org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors | CWE-648 | 9.1 | Critical | 2023-04-16 |
| CVE-2023-29506 | org.xwiki.platform:xwiki-platform-security-authentication-default XSS with authenticated endpoints | CWE-79 | 5.4 | Medium | 2023-04-16 |

All 228 known CVE vulnerabilities affecting xwiki-platform with full Chinese analysis, references, and POCs where available.