xwiki — Vulnerabilities & Security Advisories (243)

Browse all 243 CVE security advisories affecting xwiki. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-46554 | XWiki missing authorization when accessing the wiki level attachments list and metadata via REST API — xwiki-platform | CWE-862 | 5.3 | Medium | 2025-04-30 |
| CVE-2025-46557 | Any user with view access to the XWiki space can change the authenticator — xwiki-platform | CWE-862 | 8.1 (AI) | High (AI) | 2025-04-30 |
| CVE-2025-32973 | org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right — xwiki-platform | CWE-862 | 9.1 | Critical | 2025-04-30 |
| CVE-2025-32974 | org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type — xwiki-platform | CWE-116 | 9.1 | Critical | 2025-04-30 |
| CVE-2025-32972 | The lesscss script service allows cache clearing without programming right — xwiki-platform | CWE-285 | 2.7 | Low | 2025-04-30 |
| CVE-2025-32971 | XWiki Solr script service doesn't take dropped programming right into account — xwiki-platform | CWE-863 | 3.8 | Low | 2025-04-30 |
| CVE-2025-32970 | org.xwiki.platform:xwiki-platform-wysiwyg-api Open Redirect vulnerability — xwiki-platform | CWE-601 | 6.1 | Medium | 2025-04-30 |
| CVE-2025-32969 | org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API — xwiki-platform | CWE-89 | 9.8 | - | 2025-04-23 |
| CVE-2025-32968 | org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API — xwiki-platform | CWE-89 | 8.8 | - | 2025-04-23 |
| CVE-2025-32783 | XWiki allows unregistered users to see "public" messages from a closed wiki via notifications from a different wiki — xwiki-platform | CWE-668 | 4.7 | Medium | 2025-04-16 |
| CVE-2025-29926 | The WikiManager REST API allows any user to create wikis — xwiki-platform | CWE-285 | 8.8 | - | 2025-03-19 |
| CVE-2025-29925 | XWiki allows unregistered users to access private pages information through REST endpoint — xwiki-platform | CWE-402 | 5.3 | - | 2025-03-19 |
| CVE-2025-29924 | XWiki uses the wrong wiki reference in AuthorizationManager — xwiki-platform | CWE-269 | 6.5 | - | 2025-03-19 |
| CVE-2025-24893 | Remote code execution as guest via SolrSearchMacros request in xwiki — xwiki-platform | CWE-95 | 9.8 | Critical | 2025-02-20 |
| CVE-2025-23025 | Privilege escalation (PR) through realtime WYSIWYG editing in XWiki — xwiki-platform | CWE-862 | 9.1 | Critical | 2025-01-14 |
| CVE-2024-55879 | XWiki allows RCE from script right in configurable sections — xwiki-platform | CWE-862 | 9.1 | Critical | 2024-12-12 |
| CVE-2024-55877 | XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList — xwiki-platform | CWE-96 | 10.0 | Critical | 2024-12-12 |
| CVE-2024-55876 | XWiki's scheduler in subwiki allows scheduling operations for any main wiki user — xwiki-platform | CWE-862 | 7.1 | - | 2024-12-12 |
| CVE-2024-55663 | XWiki Platform has an SQL injection in getdocuments.vm with sort parameter — xwiki-platform | CWE-116 | 8.8 | - | 2024-12-12 |
| CVE-2024-55662 | XWiki allows remote code execution through the extension sheet — xwiki-platform | CWE-96 | 10.0 | Critical | 2024-12-12 |
| CVE-2024-46978 | Missing checks for notification filter preferences editions in XWiki Platform — xwiki-platform | CWE-648 | 6.5 | Medium | 2024-09-18 |
| CVE-2024-46979 | Data leak of notification filters of users in XWiki Platform — xwiki-platform | CWE-200 | 5.3 | Medium | 2024-09-18 |
| CVE-2024-45591 | XWiki Platform document history including authors of any page exposed to unauthorized actors — xwiki-platform | CWE-862 | 5.3 | Medium | 2024-09-10 |
| CVE-2024-43400 | XWiki Platform allows XSS through XClass name in string properties — xwiki-platform | CWE-96 | 9.1 | Critical | 2024-08-19 |
| CVE-2024-43401 | In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them — xwiki-platform | CWE-269 | 9.1 | Critical | 2024-08-19 |
| CVE-2024-41947 | XWiki Platform XSS through conflict resolution — xwiki-platform | CWE-80 | 9.1 | Critical | 2024-07-31 |
| CVE-2024-37901 | XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet — xwiki-platform | CWE-95 | 10.0 | Critical | 2024-07-31 |
| CVE-2024-37900 | XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader — xwiki-platform | CWE-96 | 6.4 | Medium | 2024-07-31 |
| CVE-2024-37898 | XWiki Platform vulnerable to document deletion and overwrite from edit — xwiki-platform | CWE-862 | 4.3 | Medium | 2024-07-31 |
| CVE-2024-38369 | XWiki programming rights may be inherited by inclusion — xwiki-platform | CWE-863 | 10.0 | Critical | 2024-06-24 |

This page lists every published CVE security advisory associated with xwiki. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.