xwiki-platform — Vulnerabilities & Security Advisories 228

All 228 CVE vulnerabilities found in xwiki-platform, with AI-generated Chinese analysis, references, and POCs.

This page presents vulnerability aggregation data for XWiki Platform, focusing on software security weaknesses and their associated tags within the vendor’s ecosystem. It collects a comprehensive range of vulnerability records, including remote code execution flaws, cross-site scripting issues, and authentication bypasses, covering all publicly disclosed security incidents from the product’s initial release through the most recent updates. By consolidating these entries, the resource allows users to effectively track the vendor’s historical advisory patterns and correlate specific CVEs with broader weakness classifications. Readers can explore how different vulnerability classes impact the platform’s architecture over time and analyze the chronology of security patches issued by XWiki. This structured overview aids developers, security auditors, and system administrators in assessing the overall risk posture of XWiki Platform deployments. Understanding the evolution of these weaknesses provides critical context for patch management strategies and helps identify persistent security concerns that may not be immediately apparent when reviewing individual reports in isolation. The data serves as a reference point for evaluating the effectiveness of past remediation efforts and anticipating potential future attack vectors based on historical trends.

Vendor: xwiki

| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-41931 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui | CWE-95 | 9.9 | Critical | 2022-11-23 |
| CVE-2022-41932 | Creation of new database tables through login form on PostgreSQL | CWE-400 | 7.5 | High | 2022-11-23 |
| CVE-2022-41933 | Plaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default | CWE-312 | 6.2 | Medium | 2022-11-23 |
| CVE-2022-41934 | Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-menu-ui | CWE-74 | 9.9 | Critical | 2022-11-23 |
| CVE-2022-41935 | Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui | CWE-200 | 5.3 | Medium | 2022-11-23 |
| CVE-2022-41936 | Exposure of Private Personal Information to an Unauthorized Actor in xwiki-platform-rest-server | CWE-359 | 5.3 | Medium | 2022-11-22 |
| CVE-2022-41937 | Missing Authorization in XWiki Platform | CWE-862 | 9.6 | Critical | 2022-11-22 |
| CVE-2022-36100 | XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection | CWE-95 | 9.9 | Critical | 2022-09-08 |
| CVE-2022-36098 | XWiki Platform Mentions UI vulnerable to Cross-site Scripting | CWE-79 | 8.9 | High | 2022-09-08 |
| CVE-2022-36099 | XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability | CWE-95 | 9.9 | Critical | 2022-09-08 |
| CVE-2022-36097 | XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form | CWE-79 | 8.9 | High | 2022-09-08 |
| CVE-2022-36096 | XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list | CWE-79 | 8.9 | High | 2022-09-08 |
| CVE-2022-36095 | XWiki Cross-Site Request Forgery (CSRF) for actions on tags | CWE-352 | 4.3 | Medium | 2022-09-08 |
| CVE-2022-36094 | XWiki Platform Web Parent POM vulnerable to XSS in the attachment history | CWE-79 | 8.9 | High | 2022-09-08 |
| CVE-2022-36093 | XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard | CWE-288 | 8.5 | High | 2022-09-08 |
| CVE-2022-36092 | XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action | CWE-287 | 7.5 | High | 2022-09-08 |
| CVE-2022-36091 | XWiki Platform Web Templates vulnerable to Missing Authorization and Exposure of Private Personal Information to an Unauthorized Actor | CWE-862 | 7.5 | High | 2022-09-08 |
| CVE-2022-36090 | org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users | CWE-285 | 8.1 | High | 2022-09-08 |
| CVE-2022-31166 | XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups | CWE-269 | 8.1 | High | 2022-09-07 |
| CVE-2022-31167 | XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference | CWE-285 | 7.1 | High | 2022-09-07 |
| CVE-2022-29258 | Cross-site Scripting in Filter Stream Converter Application in XWiki Platform | CWE-80 | 7.4 | High | 2022-05-31 |
| CVE-2022-29251 | Cross-site Scripting in the Flamingo theme manager | CWE-80 | 7.4 | High | 2022-05-25 |
| CVE-2022-29252 | Cross-site Scripting in XWiki Platform Wiki UI Main Wiki | CWE-80 | 7.4 | High | 2022-05-25 |
| CVE-2022-29253 | Path Traversal in XWiki Platform | CWE-24 | 2.7 | Low | 2022-05-25 |
| CVE-2022-29161 | Crypto script service uses hashing algorithm SHA1 with RSA for certificate signature in xwiki-platform | CWE-327 | 5.4 | Medium | 2022-05-05 |
| CVE-2022-24820 | Unauthenticated user can list hidden document from multiple velocity templates | CWE-359 | 5.3 | Medium | 2022-04-08 |
| CVE-2022-24819 | Unauthenticated user can retrieve the list of users through uorgsuggest.vm | CWE-359 | 5.3 | Medium | 2022-04-08 |
| CVE-2022-24821 | Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx | CWE-648 | 6.8 | Medium | 2022-04-08 |
| CVE-2022-23622 | Cross site scripting in registration template in xwiki-platform | CWE-79 | 7.4 | High | 2022-02-09 |
| CVE-2022-23621 | Missing authorization in xwiki-platform | CWE-862 | 5.5 | Medium | 2022-02-09 |
