xwiki — Vulnerabilities & Security Advisories 243

Browse all 243 CVE security advisories affecting xwiki. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-35155 | XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email | xwiki-platform | CWE-79 | 8.8 | High | 2023-06-23 |
| CVE-2023-35153 | XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters | xwiki-platform | CWE-79 | 9.1 | Critical | 2023-06-23 |
| CVE-2023-35152 | XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-06-23 |
| CVE-2023-35151 | XWiki Platform may show email addresses in clear in REST results | xwiki-platform | CWE-359 | 7.5 | High | 2023-06-23 |
| CVE-2023-35150 | XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application | xwiki-platform | CWE-95 | 9.9 | Critical | 2023-06-23 |
| CVE-2023-34467 | XWiki Platform may retrieve email addresses of all users | xwiki-platform | CWE-402 | 7.5 | High | 2023-06-23 |
| CVE-2023-34466 | XWiki Platform's tags on non-viewable pages can be revealed to users | xwiki-platform | CWE-200 | 4.3 | Medium | 2023-06-23 |
| CVE-2023-34465 | XWiki Platform's Mail.MailConfig can be edited by any user with edit rights | xwiki-platform | CWE-269 | 10.0 | Critical | 2023-06-23 |
| CVE-2023-34464 | XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template | xwiki-platform | CWE-79 | 9.1 | Critical | 2023-06-23 |
| CVE-2023-35166 | Privilege escalation (PR) from account through TipsPanel | xwiki-platform | CWE-863 | 10.0 | Critical | 2023-06-20 |
| CVE-2023-32068 | URL Redirection to Untrusted Site in XWiki | xwiki-platform | CWE-601 | 4.7 | Medium | 2023-05-15 |
| CVE-2023-32070 | Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers | xwiki-rendering | CWE-83 | 9.1 | Critical | 2023-05-10 |
| CVE-2023-32071 | XWiki Platform vulnerable to RXSS via editor parameter - importinline template | xwiki-platform | CWE-116 | 9.1 | Critical | 2023-05-09 |
| CVE-2023-32069 | XWiki Platform privilege escalation (PR)/RCE from account through class sheet | xwiki-platform | CWE-863 | 10.0 | Critical | 2023-05-09 |
| CVE-2023-31126 | Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml | xwiki-commons | CWE-86 | 9.1 | Critical | 2023-05-09 |
| CVE-2023-29528 | Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml | xwiki-commons | CWE-79 | 9.1 | Critical | 2023-04-20 |
| CVE-2023-29517 | Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer | xwiki-platform | CWE-200 | 7.5 | High | 2023-04-18 |
| CVE-2023-29516 | Code injection from view right on XWiki.AttachmentSelector in xwiki-platform | xwiki-platform | CWE-74 | 9.9 | Critical | 2023-04-18 |
| CVE-2023-29515 | Cross-site scripting (XSS) in xwiki-platform | xwiki-platform | CWE-79 | 7.7 | High | 2023-04-18 |
| CVE-2023-29514 | Code injection in template provider administration in xwiki-platform | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29513 | Users can be created even when registration is disabled without validation via the template macro in xwiki-platform | xwiki-platform | CWE-284 | 5.0 | Medium | 2023-04-18 |
| CVE-2023-29512 | Code injection in xwiki-platform-web-templates | xwiki-platform | CWE-74 | 9.9 | Critical | 2023-04-18 |
| CVE-2023-29510 | Code injection via unescaped translations in xwiki-platform | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29522 | Code injection from view right on XWiki.ClassSheet in xwiki-platform | xwiki-platform | CWE-74 | 9.9 | Critical | 2023-04-18 |
| CVE-2023-29521 | Code injection from account/view through VFS Tree macro in xwiki-platform | xwiki-platform | CWE-74 | 8.4 | High | 2023-04-18 |
| CVE-2023-29520 | Page render failure due to broken translations in xwiki-platform | xwiki-platform | CWE-248 | 4.3 | Medium | 2023-04-18 |
| CVE-2023-29519 | Code injection in org.xwiki.platform:xwiki-platform-attachment-ui | xwiki-platform | CWE-74 | 9.1 | Critical | 2023-04-18 |
| CVE-2023-29518 | Code injection from view right using Invitation.InvitationCommon in xwiki-platform | xwiki-platform | CWE-74 | 9.9 | Critical | 2023-04-18 |
| CVE-2023-29523 | Code injection in display method used in user profiles in xwiki-platform | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29524 | Code injection from account through XWiki.SchedulerJobSheet in xwiki-platform | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |

This page lists every published CVE security advisory associated with xwiki. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.