xwiki — Vulnerabilities & Security Advisories 243

Browse all 243 CVE security advisories affecting xwiki. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-40105 | XWiki has Reflected Cross-Site Scripting (XSS) in its page history compare functionality — xwiki-platform, CWE-80 | 8.8 | - | 2026-04-15 |
| CVE-2026-40104 | XWiki's REST APIs can list all pages/spaces, leading to unavailability — org.xwiki.platform:xwiki-platform-oldcore, CWE-770 | 7.5 | - | 2026-04-15 |
| CVE-2026-33229 | XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API — xwiki-platform, CWE-862 | 9.9 (AI) | Critical (AI) | 2026-04-08 |
| CVE-2026-26000 | XWiki Platform affected by click-jacking through CSS injection in comments — xwiki-platform, CWE-1021 | 4.1 (AI) | Medium (AI) | 2026-02-12 |
| CVE-2026-24128 | XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages — xwiki-platform, CWE-79 | 9.6 | - | 2026-01-23 |
| CVE-2025-66474 | XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection — xwiki-rendering, CWE-95 | 8.8 (AI) | High (AI) | 2025-12-10 |
| CVE-2025-66473 | XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis — xwiki-platform, CWE-770 | 7.5 (AI) | High (AI) | 2025-12-10 |
| CVE-2025-66472 | XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication — xwiki-platform, CWE-79 | 6.1 (AI) | Medium (AI) | 2025-12-10 |
| CVE-2025-55749 | The XWiki Jetty package (XJetty) allows accessing any application file through URL — xwiki-platform, CWE-284 | 7.5 (AI) | High (AI) | 2025-12-01 |
| CVE-2025-52472 | XWiki Platform vulnerable to HQL injection via wiki and space search REST API — xwiki-platform, CWE-89 | 7.1 (AI) | High (AI) | 2025-10-06 |
| CVE-2025-55748 | XWiki Platform's configuration files can be accessed through jsx and sx endpoints — xwiki-platform, CWE-23 | 7.5 (AI) | High (AI) | 2025-09-03 |
| CVE-2025-55747 | XWiki Platform's configuration files can be accessed through the webjars API — xwiki-platform, CWE-23 | 7.5 (AI) | High (AI) | 2025-09-03 |
| CVE-2025-58049 | XWiki PDF export jobs store sensitive cookies unencrypted in job statuses — xwiki-platform, CWE-212 | 5.8 | Medium | 2025-08-28 |
| CVE-2025-54125 | XWiki Platform: Password and email exposure in xml.vm fields — xwiki-platform, CWE-359 | 8.1 (AI) | High (AI) | 2025-08-05 |
| CVE-2025-54124 | XWiki Platform: Any user with editing rights can access password properties through Database List Properties — xwiki-platform, CWE-359 | 6.5 (AI) | Medium (AI) | 2025-08-05 |
| CVE-2025-32430 | XWiki Platform contains Reflected XSS vulnerability in two templates — xwiki-platform, CWE-79 | 6.1 (AI) | Medium (AI) | 2025-08-05 |
| CVE-2025-54385 | XWiki Platform's searchDocuments API allows for SQL injection — xwiki-platform, CWE-20 | 8.8 | - | 2025-07-26 |
| CVE-2025-32429 | XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter — xwiki-platform, CWE-89 | 9.8 | - | 2025-07-24 |
| CVE-2025-53836 | XWiki Rendering is vulnerable to RCE attacks when processing nested macros — xwiki-rendering, CWE-863 | 10.0 | Critical | 2025-07-14 |
| CVE-2025-53835 | XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax — xwiki-rendering, CWE-79 | 9.1 | Critical | 2025-07-14 |
| CVE-2025-49587 | XWiki does not require right warnings for notification displayer objects — xwiki-platform, CWE-357 | 5.4 (AI) | Medium (AI) | 2025-06-13 |
| CVE-2025-49586 | XWiki allows remote code execution through preview of XClass changes in AWM editor — xwiki-platform, CWE-863 | 8.8 (AI) | High (AI) | 2025-06-13 |
| CVE-2025-49585 | XWiki does not require right warnings for XClass definitions — xwiki-platform, CWE-357 | 6.3 (AI) | Medium (AI) | 2025-06-13 |
| CVE-2025-49584 | XWiki makes title of inaccessible pages available through the class property values REST API — xwiki-platform, CWE-201 | 5.3 (AI) | Medium (AI) | 2025-06-13 |
| CVE-2025-49583 | XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right — xwiki-platform, CWE-270 | 4.6 (AI) | Medium (AI) | 2025-06-13 |
| CVE-2025-49582 | XWiki's required right warnings for macros are incomplete — xwiki-platform, CWE-357 | 5.4 (AI) | Medium (AI) | 2025-06-13 |
| CVE-2025-49581 | XWiki allows remote code execution through default value of wiki macro wiki-type parameters — xwiki-platform, CWE-94 | 8.8 (AI) | High (AI) | 2025-06-13 |
| CVE-2025-49580 | XWiki allows privilege escalation through link refactoring — xwiki-platform, CWE-266 | 9.3 (AI) | Critical (AI) | 2025-06-13 |
| CVE-2024-56158 | XWiki allows SQL injection in query endpoint of REST API with Oracle — xwiki-platform, CWE-89 | 9.8 (AI) | Critical (AI) | 2025-06-12 |
| CVE-2025-48063 | XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right — xwiki-platform, CWE-285 | 7.1 (AI) | High (AI) | 2025-05-21 |

This page lists every published CVE security advisory associated with xwiki. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.