xwiki-contrib — Vulnerabilities & Security Advisories 16

Browse all 16 CVE security advisories affecting xwiki-contrib. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-66024 | XWiki Blog Application home page vulnerable to Stored XSS via Post Title — application-blog-ui, CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-04 |
| CVE-2025-65091 | XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService — macro-fullcalendar, CWE-89 | 10.0 | Critical | 2026-01-10 |
| CVE-2025-65090 | XWiki Full Calendar Macro vulnerable to data leak through Calendar.JSONService — macro-fullcalendar, CWE-200 | 5.3 | Medium | 2026-01-10 |
| CVE-2025-49594 | XWiki OIDC Authenticator vulnerable to creation of token for any user with just `view` right — oidc, CWE-285 | 8.8 (AI) | High (AI) | 2025-10-06 |
| CVE-2025-58365 | XWiki Blog Application: Privilege Escalation (PR) from account through blog content — application-blog, CWE-95 | 8.8 (AI) | High (AI) | 2025-09-08 |
| CVE-2025-52132 | XWiki Contrib Mocca Calendar Application cross-site scripting vulnerability — Mocca Calendar, CWE-79 | 6.4 | Medium | 2025-08-03 |
| CVE-2025-52131 | XWiki Contrib Mocca Calendar Application cross-site scripting vulnerability — Mocca Calendar, CWE-79 | 6.4 | Medium | 2025-08-03 |
| CVE-2025-52133 | XWiki Contrib Mocca Calendar Application cross-site scripting vulnerability — Mocca Calendar, CWE-79 | 6.4 | Medium | 2025-08-03 |
| CVE-2025-46558 | org.xwiki.contrib.markdown:syntax-markdown-commonmark12 vulnerable to XSS via Markdown content — syntax-markdown, CWE-79 | 9.1 | Critical | 2025-04-30 |
| CVE-2025-31487 | The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server — jira, CWE-611 | 7.7 | High | 2025-04-03 |
| CVE-2023-49280 | Data leak of password hash through xwiki change request — application-changerequest, CWE-522 | 7.7 | High | 2023-12-04 |
| CVE-2023-48293 | XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries — application-admintools, CWE-352 | 8.8 | High | 2023-11-20 |
| CVE-2023-48292 | XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks — application-admintools, CWE-352 | 9.7 | Critical | 2023-11-20 |
| CVE-2023-45138 | Change Request Application vulnerable to XSS and remote code execution through change request title — application-changerequest, CWE-79 | 10.0 | Critical | 2023-10-12 |
| CVE-2023-22457 | org.xwiki.contrib:application-ckeditor-ui vulnerable to Remote Code Execution via Cross-Site Request Forgery — application-ckeditor, CWE-352 | 9.1 | Critical | 2023-01-04 |
| CVE-2022-39387 | XWiki OIDC Authenticator vulnerable to OpenID login bypass due to improper authentication — oidc, CWE-287 | 9.1 | Critical | 2022-11-04 |

This page lists every published CVE security advisory associated with xwiki-contrib. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.