xwiki — Vulnerabilities & Security Advisories 243

Browse all 243 CVE security advisories affecting xwiki. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-45136 | XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled | xwiki-platform | CWE-79 | 9.7 | Critical | 2023-10-25 |
| CVE-2023-45135 | XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title | xwiki-platform | CWE-116 | 9.1 | Critical | 2023-10-25 |
| CVE-2023-45134 | XWiki Platform XSS vulnerability from account in the create page form via template provider | xwiki-platform | CWE-79 | 9.1 | Critical | 2023-10-25 |
| CVE-2023-37913 | org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter | xwiki-platform | CWE-23 | 10.0 | Critical | 2023-10-25 |
| CVE-2023-37912 | XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro | xwiki-rendering | CWE-270 | 10.0 | Critical | 2023-10-25 |
| CVE-2023-37911 | org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents | xwiki-platform | CWE-668 | 6.5 | Medium | 2023-10-25 |
| CVE-2023-37910 | org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move | xwiki-platform | CWE-862 | 8.1 | High | 2023-10-25 |
| CVE-2023-37909 | Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-10-25 |
| CVE-2023-37908 | org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability | xwiki-rendering | CWE-83 | 9.1 | Critical | 2023-10-25 |
| CVE-2023-41046 | Velocity execution without script rights in Xwiki platform | xwiki-platform | CWE-862 | 6.3 | Medium | 2023-09-01 |
| CVE-2023-40573 | XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution | xwiki-platform | CWE-284 | 9.1 | Critical | 2023-08-24 |
| CVE-2023-40572 | XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action | xwiki-platform | CWE-352 | 9.1 | Critical | 2023-08-24 |
| CVE-2023-40177 | XWiki Platform privilege escalation (PR) from account through AWM content fields | xwiki-platform | CWE-95 | 9.9 | Critical | 2023-08-23 |
| CVE-2023-40176 | SXSS in the user profile via the timezone displayer | xwiki-platform | CWE-79 | 9.1 | Critical | 2023-08-23 |
| CVE-2023-37914 | Privilege escalation (PR)/RCE from account through Invitation subject/message | xwiki-platform | CWE-94 | 9.9 | Critical | 2023-08-17 |
| CVE-2023-38509 | XWiki Platform's obfuscated email addresses should not be sorted | xwiki-platform | CWE-402 | 4.3 | Medium | 2023-07-27 |
| CVE-2023-37462 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-skin-ui | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-07-14 |
| CVE-2023-37277 | XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API | xwiki-platform | CWE-352 | 9.7 | Critical | 2023-07-10 |
| CVE-2023-36477 | Persistent Cross-site Scripting (XSS) through CKEditor Configuration pages in XWiki Platform | xwiki-platform | CWE-79 | 9.1 | Critical | 2023-06-30 |
| CVE-2023-36468 | Upgrading doesn't prevent exploiting vulnerable XWiki documents | xwiki-platform | CWE-459 | 10.0 | Critical | 2023-06-29 |
| CVE-2023-36469 | Code injection through NotificationRSSService in XWiki Platform | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-06-29 |
| CVE-2023-36470 | Code injection in icon themes of XWiki Platform | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-06-29 |
| CVE-2023-36471 | HTML sanitizer allows form elements in restricted in org.xwiki.commons:xwiki-commons-xml | xwiki-commons | CWE-74 | 9.1 | Critical | 2023-06-29 |
| CVE-2023-35162 | XPlatform Wiki vulnerable to cross-site scripting via xcontinue parameter in preview actions template | xwiki-platform | CWE-79 | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35161 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page | xwiki-platform | CWE-87 | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35160 | XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template | xwiki-platform | CWE-87 | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35159 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template | xwiki-platform | CWE-87 | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35158 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template | xwiki-platform | CWE-87 | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35157 | XWiki Platform vulnerable to reflected cross-site scripting via delattachment action | xwiki-platform | CWE-80 | 8.5 | High | 2023-06-23 |
| CVE-2023-35156 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template | xwiki-platform | CWE-87 | 9.7 | Critical | 2023-06-23 |

This page lists every published CVE security advisory associated with xwiki. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.