xwiki — Vulnerabilities & Security Advisories 243

Browse all 243 CVE security advisories affecting xwiki. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-29525 | Privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration in xwiki-platform — xwiki-platform (CWE-74) | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29526 | Async and display macro allow displaying and interacting with any document in restricted mode — xwiki-platform (CWE-74) | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29527 | Code injection from account through AWM view sheet in xwiki platform — xwiki-platform (CWE-74) | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29213 | org.xwiki.platform:xwiki-platform-logging-ui Injection vulnerability — xwiki-platform (CWE-74) | 9.1 | Critical | 2023-04-17 |
| CVE-2023-29511 | xwiki-platform-administration-ui vulnerable to privilege escalation — xwiki-platform (CWE-95) | 9.9 | Critical | 2023-04-16 |
| CVE-2023-30537 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation — xwiki-platform (CWE-95) | 9.9 | Critical | 2023-04-16 |
| CVE-2023-29509 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability — xwiki-platform (CWE-95) | 10.0 | Critical | 2023-04-16 |
| CVE-2023-29508 | org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Cross-site Scripting — xwiki-platform (CWE-80) | 8.9 | High | 2023-04-16 |
| CVE-2023-29507 | org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors — xwiki-platform (CWE-648) | 9.1 | Critical | 2023-04-16 |
| CVE-2023-29506 | org.xwiki.platform:xwiki-platform-security-authentication-default XSS with authenticated endpoints — xwiki-platform (CWE-79) | 5.4 | Medium | 2023-04-16 |
| CVE-2023-29214 | org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability — xwiki-platform (CWE-95) | 10.0 | Critical | 2023-04-16 |
| CVE-2023-29212 | xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability — xwiki-platform (CWE-95) | 10.0 | Critical | 2023-04-16 |
| CVE-2023-29211 | org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability — xwiki-platform (CWE-95) | 10.0 | Critical | 2023-04-16 |
| CVE-2023-29210 | org.xwiki.platform:xwiki-platform-notifications-ui Eval Injection vulnerability — xwiki-platform (CWE-95) | 10.0 | Critical | 2023-04-15 |
| CVE-2023-29209 | org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability — xwiki-platform (CWE-95) | 10.0 | Critical | 2023-04-15 |
| CVE-2023-29208 | Data leak through deleted documents — xwiki-platform (CWE-668) | 7.5 | High | 2023-04-15 |
| CVE-2023-29207 | Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro — xwiki-platform (CWE-79) | 8.9 | High | 2023-04-15 |
| CVE-2023-29206 | org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins — xwiki-platform (CWE-79) | 9.1 | Critical | 2023-04-15 |
| CVE-2023-29205 | org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro — xwiki-platform (CWE-79) | 10.0 | Critical | 2023-04-15 |
| CVE-2023-29204 | URL Redirection to Untrusted Site ('Open Redirect') in org.xwiki.platform:xwiki-platform-oldcore — xwiki-platform (CWE-601) | 4.7 | Medium | 2023-04-15 |
| CVE-2023-29203 | Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm — xwiki-platform (CWE-359) | 3.7 | Low | 2023-04-15 |
| CVE-2023-29202 | org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability — xwiki-platform (CWE-79) | 9.1 | Critical | 2023-04-15 |
| CVE-2023-29201 | org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability — xwiki-commons (CWE-79) | 9.1 | Critical | 2023-04-15 |
| CVE-2023-27480 | Data leak through a XAR import XXE attack in xwiki-platform-xar-model — xwiki-platform (CWE-611) | 7.7 | High | 2023-03-07 |
| CVE-2023-27479 | Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-panels-ui — xwiki-platform (CWE-74) | 10.0 | Critical | 2023-03-07 |
| CVE-2023-26055 | XWiki Commons may allow privilege escalation to programming rights via user's first name — xwiki-commons (CWE-150) | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26056 | XWiki Platform allows macro execution as any user without programming rights through the context macro — xwiki-platform (CWE-863) | 5.4 | Medium | 2023-03-02 |
| CVE-2023-26470 | In XWiki Platform, saving a document with a large object number leads to persistent OOM errors — xwiki-platform (CWE-400) | 5.7 | Medium | 2023-03-02 |
| CVE-2023-26471 | XWiki Platform users may execute anything with superadmin right through comments and async macro — xwiki-platform (CWE-284) | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26472 | XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile — xwiki-platform (CWE-116) | 10.0 | Critical | 2023-03-02 |

This page lists every published CVE security advisory associated with xwiki. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.