xwiki-platform — Vulnerabilities & Security Advisories 227

All 227 CVE vulnerabilities found in xwiki-platform, with AI-generated Chinese analysis, references, and POCs.

Vendor: xwiki

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-23619 | Information exposure in xwiki-platform | CWE-200 | 5.3 | Medium | 2022-02-09 |
| CVE-2022-23618 | Open Redirect in xwiki-platform | CWE-601 | 4.7 | Medium | 2022-02-09 |
| CVE-2022-23617 | Missing authorization in xwiki-platform | CWE-862 | 6.5 | Medium | 2022-02-09 |
| CVE-2022-23616 | Remote code execution in xwiki-platform | CWE-74 | 8.8 | High | 2022-02-09 |
| CVE-2022-23615 | Partial authorization bypass on document save in xwiki-platform | CWE-863 | 5.4 | Medium | 2022-02-09 |
| CVE-2021-43841 | XSS by SVG upload in xwiki-platform | CWE-79 | 5.4 | Medium | 2022-02-04 |
| CVE-2021-32732 | Cross-Site Request Forgery in xwiki-platform | CWE-352 | 7.5 | High | 2022-02-04 |
| CVE-2021-32731 | The reset password form reveal users email address | CWE-200 | 5.3 | Medium | 2021-07-01 |
| CVE-2021-32730 | No CSRF protection on the password change form | CWE-352 | 5.7 | Medium | 2021-07-01 |
| CVE-2021-32729 | A user without PR can reset user authentication failures information | CWE-693 | 2.0 | Low | 2021-07-01 |
| CVE-2021-32620 | Users registered with email verification can self re-activate their disabled accounts | CWE-285 | 8.8 | High | 2021-05-28 |
| CVE-2021-32621 | Script injection without script or programming rights through Gadget titles | CWE-94 | 8.8 | High | 2021-05-28 |
| CVE-2021-29459 | XSS Cross Site Scripting | CWE-79 | 9.6 | Critical | 2021-04-20 |
| CVE-2021-21380 | Rating Script Service expose XWiki to SQL injection | CWE-89 | 7.7 | High | 2021-03-23 |
| CVE-2021-21379 | It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro | CWE-281 | 7.7 | High | 2021-03-12 |
| CVE-2020-15252 | RCE in XWiki | CWE-94 | 8.5 | High | 2020-10-16 |
| CVE-2020-15171 | Users with SCRIPT rights can execute arbitrary code in XWiki | CWE-94 | 6.6 | Medium | 2020-09-10 |