xwiki-platform — Vulnerabilities & Security Advisories 227

All 227 CVE vulnerabilities found in xwiki-platform, with AI-generated Chinese analysis, references, and POCs.

Vendor: xwiki

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-41932 | Creation of new database tables through login form on PostgreSQL | CWE-400 | 7.5 | High | 2022-11-23 |
| CVE-2022-41933 | Plaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default | CWE-312 | 6.2 | Medium | 2022-11-23 |
| CVE-2022-41934 | Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-menu-ui | CWE-74 | 9.9 | Critical | 2022-11-23 |
| CVE-2022-41935 | Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui | CWE-200 | 5.3 | Medium | 2022-11-23 |
| CVE-2022-41936 | Exposure of Private Personal Information to an Unauthorized Actor in xwiki-platform-rest-server | CWE-359 | 5.3 | Medium | 2022-11-22 |
| CVE-2022-41937 | Missing Authorization in XWiki Platform | CWE-862 | 9.6 | Critical | 2022-11-22 |
| CVE-2022-36100 | XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection | CWE-95 | 9.9 | Critical | 2022-09-08 |
| CVE-2022-36098 | XWiki Platform Mentions UI vulnerable to Cross-site Scripting | CWE-79 | 8.9 | High | 2022-09-08 |
| CVE-2022-36099 | XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability | CWE-95 | 9.9 | Critical | 2022-09-08 |
| CVE-2022-36097 | XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form | CWE-79 | 8.9 | High | 2022-09-08 |
| CVE-2022-36096 | XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list | CWE-79 | 8.9 | High | 2022-09-08 |
| CVE-2022-36095 | XWiki Cross-Site Request Forgery (CSRF) for actions on tags | CWE-352 | 4.3 | Medium | 2022-09-08 |
| CVE-2022-36094 | XWiki Platform Web Parent POM vulnerable to XSS in the attachment history | CWE-79 | 8.9 | High | 2022-09-08 |
| CVE-2022-36093 | XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard | CWE-288 | 8.5 | High | 2022-09-08 |
| CVE-2022-36092 | XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action | CWE-287 | 7.5 | High | 2022-09-08 |
| CVE-2022-36091 | XWiki Platform Web Templates vulnerable to Missing Authorization and Exposure of Private Personal Information to an Unauthorized Actor | CWE-862 | 7.5 | High | 2022-09-08 |
| CVE-2022-36090 | org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users | CWE-285 | 8.1 | High | 2022-09-08 |
| CVE-2022-31166 | XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups | CWE-269 | 8.1 | High | 2022-09-07 |
| CVE-2022-31167 | XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference | CWE-285 | 7.1 | High | 2022-09-07 |
| CVE-2022-29258 | Cross-site Scripting in Filter Stream Converter Application in XWiki Platform | CWE-80 | 7.4 | High | 2022-05-31 |
| CVE-2022-29251 | Cross-site Scripting in the Flamingo theme manager | CWE-80 | 7.4 | High | 2022-05-25 |
| CVE-2022-29252 | Cross-site Scripting in XWiki Platform Wiki UI Main Wiki | CWE-80 | 7.4 | High | 2022-05-25 |
| CVE-2022-29253 | Path Traversal in XWiki Platform | CWE-24 | 2.7 | Low | 2022-05-25 |
| CVE-2022-29161 | Crypto script service uses hashing algorithm SHA1 with RSA for certificate signature in xwiki-platform | CWE-327 | 5.4 | Medium | 2022-05-05 |
| CVE-2022-24820 | Unauthenticated user can list hidden document from multiple velocity templates | CWE-359 | 5.3 | Medium | 2022-04-08 |
| CVE-2022-24819 | Unauthenticated user can retrieve the list of users through uorgsuggest.vm | CWE-359 | 5.3 | Medium | 2022-04-08 |
| CVE-2022-24821 | Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx | CWE-648 | 6.8 | Medium | 2022-04-08 |
| CVE-2022-23622 | Cross site scripting in registration template in xwiki-platform | CWE-79 | 7.4 | High | 2022-02-09 |
| CVE-2022-23621 | Missing authorization in xwiki-platform | CWE-862 | 5.5 | Medium | 2022-02-09 |
| CVE-2022-23620 | Path traversal in xwiki-platform-skin-skinx | CWE-22 | 6.8 | Medium | 2022-02-09 |

All 227 known CVE vulnerabilities affecting xwiki-platform with full Chinese analysis, references, and POCs where available.