xwiki-platform — Vulnerabilities & Security Advisories 227

All 227 CVE vulnerabilities found in xwiki-platform, with AI-generated Chinese analysis, references, and POCs.

Vendor: xwiki

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-29212 | xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability | CWE-95 | 10.0 | Critical | 2023-04-16 |
| CVE-2023-29211 | org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability | CWE-95 | 10.0 | Critical | 2023-04-16 |
| CVE-2023-29210 | org.xwiki.platform:xwiki-platform-notifications-ui Eval Injection vulnerability | CWE-95 | 10.0 | Critical | 2023-04-15 |
| CVE-2023-29209 | org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability | CWE-95 | 10.0 | Critical | 2023-04-15 |
| CVE-2023-29208 | Data leak through deleted documents | CWE-668 | 7.5 | High | 2023-04-15 |
| CVE-2023-29207 | Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro | CWE-79 | 8.9 | High | 2023-04-15 |
| CVE-2023-29206 | org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins | CWE-79 | 9.1 | Critical | 2023-04-15 |
| CVE-2023-29205 | org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro | CWE-79 | 10.0 | Critical | 2023-04-15 |
| CVE-2023-29204 | URL Redirection to Untrusted Site ('Open Redirect') in org.xwiki.platform:xwiki-platform-oldcore | CWE-601 | 4.7 | Medium | 2023-04-15 |
| CVE-2023-29203 | Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm | CWE-359 | 3.7 | Low | 2023-04-15 |
| CVE-2023-29202 | org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability | CWE-79 | 9.1 | Critical | 2023-04-15 |
| CVE-2023-27480 | Data leak through a XAR import XXE attack in xwiki-platform-xar-model | CWE-611 | 7.7 | High | 2023-03-07 |
| CVE-2023-27479 | Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-panels-ui | CWE-74 | 10.0 | Critical | 2023-03-07 |
| CVE-2023-26056 | XWiki Platform allows macro execution as any user without programming rights through the context macro | CWE-863 | 5.4 | Medium | 2023-03-02 |
| CVE-2023-26470 | In XWiki Platform, saving a document with a large object number leads to persistent OOM errors | CWE-400 | 5.7 | Medium | 2023-03-02 |
| CVE-2023-26471 | XWiki Platform users may execute anything with superadmin right through comments and async macro | CWE-284 | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26472 | XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile | CWE-116 | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26473 | XWiki Platform allows unprivileged users to make arbitrary select queries using DatabaseListProperty and suggest.vm | CWE-284 | 6.5 | Medium | 2023-03-02 |
| CVE-2023-26474 | XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author | CWE-284 | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26475 | XWiki Platform vulnerable to Remote Code Execution in Annotations | CWE-270 | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26476 | Two XWiki Platform UIs Expose Sensitive Information to an Unauthorized Actor | CWE-200 | 7.5 | High | 2023-03-02 |
| CVE-2023-26477 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability | CWE-95 | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26478 | org.xwiki.platform:xwiki-platform-store-filesystem-oldcore has Exposed Dangerous Method or Function | CWE-749 | 6.6 | Medium | 2023-03-02 |
| CVE-2023-26479 | org.xwiki.platform:xwiki-platform-rendering-parser vulnerable to Improper Handling of Exceptional Conditions | CWE-755 | 6.5 | Medium | 2023-03-02 |
| CVE-2023-26480 | XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data | CWE-79 | 8.9 | High | 2023-03-02 |
| CVE-2022-41927 | XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags | CWE-352 | 7.4 | High | 2022-11-23 |
| CVE-2022-41928 | XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml | CWE-95 | 9.9 | Critical | 2022-11-23 |
| CVE-2022-41929 | Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore | CWE-862 | 4.9 | Medium | 2022-11-23 |
| CVE-2022-41930 | org.xwiki.platform:xwiki-platform-user-profile-ui missing authorization to enable or disable users | CWE-862 | 7.5 | High | 2022-11-23 |
| CVE-2022-41931 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui | CWE-95 | 9.9 | Critical | 2022-11-23 |
