
xwiki — Vulnerabilities & Security Advisories 243

Browse all 243 CVE security advisories affecting xwiki. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-37899 | Disabling a user account changes its author, allowing RCE from user account in XWiki | xwiki-platform | CWE-94 | 9.1 | Critical | 2024-06-20 |
| CVE-2024-31997 | XWiki Platform remote code execution from account through UIExtension parameters | xwiki-platform | CWE-862 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31996 | XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution | xwiki-commons | CWE-95 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31988 | XWiki Platform CSRF remote code execution through the realtime HTML Converter API | xwiki-platform | CWE-352 | 9.7 | Critical | 2024-04-10 |
| CVE-2024-31987 | XWiki Platform remote code execution from account via custom skins support | xwiki-platform | CWE-862 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31986 | XWiki Platform CSRF remote code execution through scheduler job's document reference | xwiki-platform | CWE-352 | 9.1 | Critical | 2024-04-10 |
| CVE-2024-31985 | XWiki Platform CSRF in the job scheduler | xwiki-platform | CWE-352 | 5.4 | Medium | 2024-04-10 |
| CVE-2024-31984 | XWiki Platform: Remote code execution through space title and Solr space facet | xwiki-platform | CWE-95 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31983 | XWiki Platform: Remote code execution from edit in multilingual wikis via translations | xwiki-platform | CWE-862 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31982 | XWiki Platform: Remote code execution as guest via DatabaseSearch | xwiki-platform | CWE-95 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31981 | XWiki Platform: Privilege escalation (PR) from user registration through PDFClass | xwiki-platform | CWE-862 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31465 | XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet | xwiki-platform | CWE-95 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31464 | XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted | xwiki-platform | CWE-200 | 6.8 | Medium | 2024-04-10 |
| CVE-2024-21648 | XWiki has no right protection on rollback action | xwiki-platform | CWE-274 | 8.0 | High | 2024-01-08 |
| CVE-2024-21651 | XWiki Denial of Service attack through attachments | xwiki-platform | CWE-400 | 7.5 | High | 2024-01-08 |
| CVE-2024-21650 | XWiki Remote Code Execution vulnerability via user registration | xwiki-platform | CWE-95 | 10.0 | Critical | 2024-01-08 |
| CVE-2023-50732 | Velocity execution without script right through tree macro | xwiki-platform | CWE-863 | 8.3 | High | 2023-12-21 |
| CVE-2023-50723 | XWiki Platform remote code execution/programming rights with configuration section from any user account | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-12-15 |
| CVE-2023-50722 | XWiki Platform XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass | xwiki-platform | CWE-79 | 9.7 | Critical | 2023-12-15 |
| CVE-2023-50721 | XWiki Platform RCE from account through SearchAdmin | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-12-15 |
| CVE-2023-50719 | XWiki Platform Solr search discloses password hashes of all users | xwiki-platform | CWE-359 | 7.5 | High | 2023-12-15 |
| CVE-2023-50720 | XWiki Platform Solr search discloses email addresses of users | xwiki-platform | CWE-200 | 5.3 | Medium | 2023-12-15 |
| CVE-2023-48241 | XWiki exposed whole content of all documents of all wikis to anybody with view right on Solr suggest service | xwiki-platform | CWE-285 | 7.5 | High | 2023-11-20 |
| CVE-2023-48240 | XWiki Platform sends cookies to external images in rendered diff and is vulnerable to server side request forgery | xwiki-platform | CWE-201 | 9.1 | Critical | 2023-11-20 |
| CVE-2023-46243 | Code execution via the edit action in XWiki platform | xwiki-platform | CWE-94 | 10.0 | Critical | 2023-11-07 |
| CVE-2023-46242 | Code injection in XWiki Platform | xwiki-platform | CWE-94 | 9.7 | Critical | 2023-11-07 |
| CVE-2023-46244 | Privilege escalation in Xwiki platform | xwiki-platform | CWE-863 | 9.1 | Critical | 2023-11-07 |
| CVE-2023-46731 | Remote code execution through the section parameter in Administration as guest in XWiki Platform | xwiki-platform | CWE-94 | 10.0 | Critical | 2023-11-06 |
| CVE-2023-46732 | Reflected Cross-site scripting through revision parameter in content menu in XWiki Platform | xwiki-platform | CWE-79 | 9.7 | Critical | 2023-11-06 |
| CVE-2023-45137 | XWiki Platform XSS with edit right in the create document form for existing pages | xwiki-platform | CWE-79 | 9.1 | Critical | 2023-10-25 |

This page lists every published CVE security advisory associated with xwiki. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.