xwiki-platform — Vulnerabilities & Security Advisories 227

All 227 CVE vulnerabilities found in xwiki-platform, with AI-generated Chinese analysis, references, and POCs.

Vendor: xwiki

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-34464 | XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template | CWE-79 | 9.1 | Critical | 2023-06-23 |
| CVE-2023-35166 | Privilege escalation (PR) from account through TipsPanel | CWE-863 | 10.0 | Critical | 2023-06-20 |
| CVE-2023-32068 | URL Redirection to Untrusted Site in XWiki | CWE-601 | 4.7 | Medium | 2023-05-15 |
| CVE-2023-32071 | XWiki Platform vulnerable to RXSS via editor parameter - importinline template | CWE-116 | 9.1 | Critical | 2023-05-09 |
| CVE-2023-32069 | XWiki Platform privilege escalation (PR)/RCE from account through class sheet | CWE-863 | 10.0 | Critical | 2023-05-09 |
| CVE-2023-29517 | Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer | CWE-200 | 7.5 | High | 2023-04-18 |
| CVE-2023-29516 | Code injection from view right on XWiki.AttachmentSelector in xwiki-platform | CWE-74 | 9.9 | Critical | 2023-04-18 |
| CVE-2023-29515 | Cross-site scripting (XSS) in xwiki-platform | CWE-79 | 7.7 | High | 2023-04-18 |
| CVE-2023-29514 | Code injection in template provider administration in xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29513 | Users can be created even when registration is disabled without validation via the template macro in xwiki-platform | CWE-284 | 5.0 | Medium | 2023-04-18 |
| CVE-2023-29512 | Code injection in xwiki-platform-web-templates | CWE-74 | 9.9 | Critical | 2023-04-18 |
| CVE-2023-29510 | Code injection via unescaped translations in xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29522 | Code injection from view right on XWiki.ClassSheet in xwiki-platform | CWE-74 | 9.9 | Critical | 2023-04-18 |
| CVE-2023-29521 | Code injection from account/view through VFS Tree macro in xwiki-platform | CWE-74 | 8.4 | High | 2023-04-18 |
| CVE-2023-29520 | Page render failure due to broken translations in xwiki-platform | CWE-248 | 4.3 | Medium | 2023-04-18 |
| CVE-2023-29519 | Code injection in org.xwiki.platform:xwiki-platform-attachment-ui | CWE-74 | 9.1 | Critical | 2023-04-18 |
| CVE-2023-29518 | Code injection from view right using Invitation.InvitationCommon in xwiki-platform | CWE-74 | 9.9 | Critical | 2023-04-18 |
| CVE-2023-29523 | Code injection in display method used in user profiles in xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29524 | Code injection from account through XWiki.SchedulerJobSheet in xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29525 | Privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration in xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29526 | Async and display macro allow displaying and interacting with any document in restricted mode | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29527 | Code injection from account through AWM view sheet in xwiki platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29213 | org.xwiki.platform:xwiki-platform-logging-ui Injection vulnerability | CWE-74 | 9.1 | Critical | 2023-04-17 |
| CVE-2023-29511 | xwiki-platform-administration-ui vulnerable to privilege escalation | CWE-95 | 9.9 | Critical | 2023-04-16 |
| CVE-2023-30537 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation | CWE-95 | 9.9 | Critical | 2023-04-16 |
| CVE-2023-29509 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability | CWE-95 | 10.0 | Critical | 2023-04-16 |
| CVE-2023-29508 | org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Cross-site Scripting | CWE-80 | 8.9 | High | 2023-04-16 |
| CVE-2023-29507 | org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors | CWE-648 | 9.1 | Critical | 2023-04-16 |
| CVE-2023-29506 | org.xwiki.platform:xwiki-platform-security-authentication-default XSS with authenticated endpoints | CWE-79 | 5.4 | Medium | 2023-04-16 |
| CVE-2023-29214 | org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability | CWE-95 | 10.0 | Critical | 2023-04-16 |
