xwiki — Vulnerabilities & Security Advisories 243

Browse all 243 CVE security advisories affecting xwiki. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-26473 | XWiki Platform allows unprivileged users to make arbitrary select queries using DatabaseListProperty and suggest.vm | xwiki-platform | CWE-284 | 6.5 | Medium | 2023-03-02 |
| CVE-2023-26474 | XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author | xwiki-platform | CWE-284 | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26475 | XWiki Platform vulnerable to Remote Code Execution in Annotations | xwiki-platform | CWE-270 | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26476 | Two XWiki Platform UIs Expose Sensitive Information to an Unauthorized Actor | xwiki-platform | CWE-200 | 7.5 | High | 2023-03-02 |
| CVE-2023-26477 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26478 | org.xwiki.platform:xwiki-platform-store-filesystem-oldcore has Exposed Dangerous Method or Function | xwiki-platform | CWE-749 | 6.6 | Medium | 2023-03-02 |
| CVE-2023-26479 | org.xwiki.platform:xwiki-platform-rendering-parser vulnerable to Improper Handling of Exceptional Conditions | xwiki-platform | CWE-755 | 6.5 | Medium | 2023-03-02 |
| CVE-2023-26480 | XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data | xwiki-platform | CWE-79 | 8.9 | High | 2023-03-02 |
| CVE-2022-41927 | XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags | xwiki-platform | CWE-352 | 7.4 | High | 2022-11-23 |
| CVE-2022-41928 | XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml | xwiki-platform | CWE-95 | 9.9 | Critical | 2022-11-23 |
| CVE-2022-41929 | Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore | xwiki-platform | CWE-862 | 4.9 | Medium | 2022-11-23 |
| CVE-2022-41930 | org.xwiki.platform:xwiki-platform-user-profile-ui missing authorization to enable or disable users | xwiki-platform | CWE-862 | 7.5 | High | 2022-11-23 |
| CVE-2022-41931 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui | xwiki-platform | CWE-95 | 9.9 | Critical | 2022-11-23 |
| CVE-2022-41932 | Creation of new database tables through login form on PostgreSQL | xwiki-platform | CWE-400 | 7.5 | High | 2022-11-23 |
| CVE-2022-41933 | Plaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default | xwiki-platform | CWE-312 | 6.2 | Medium | 2022-11-23 |
| CVE-2022-41934 | Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-menu-ui | xwiki-platform | CWE-74 | 9.9 | Critical | 2022-11-23 |
| CVE-2022-41935 | Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui | xwiki-platform | CWE-200 | 5.3 | Medium | 2022-11-23 |
| CVE-2022-41936 | Exposure of Private Personal Information to an Unauthorized Actor in xwiki-platform-rest-server | xwiki-platform | CWE-359 | 5.3 | Medium | 2022-11-22 |
| CVE-2022-41937 | Missing Authorization in XWiki Platform | xwiki-platform | CWE-862 | 9.6 | Critical | 2022-11-22 |
| CVE-2022-36100 | XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection | xwiki-platform | CWE-95 | 9.9 | Critical | 2022-09-08 |
| CVE-2022-36098 | XWiki Platform Mentions UI vulnerable to Cross-site Scripting | xwiki-platform | CWE-79 | 8.9 | High | 2022-09-08 |
| CVE-2022-36099 | XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability | xwiki-platform | CWE-95 | 9.9 | Critical | 2022-09-08 |
| CVE-2022-36097 | XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form | xwiki-platform | CWE-79 | 8.9 | High | 2022-09-08 |
| CVE-2022-36096 | XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list | xwiki-platform | CWE-79 | 8.9 | High | 2022-09-08 |
| CVE-2022-36095 | XWiki Cross-Site Request Forgery (CSRF) for actions on tags | xwiki-platform | CWE-352 | 4.3 | Medium | 2022-09-08 |
| CVE-2022-36094 | XWiki Platform Web Parent POM vulnerable to XSS in the attachment history | xwiki-platform | CWE-79 | 8.9 | High | 2022-09-08 |
| CVE-2022-36093 | XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard | xwiki-platform | CWE-288 | 8.5 | High | 2022-09-08 |
| CVE-2022-36092 | XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action | xwiki-platform | CWE-287 | 7.5 | High | 2022-09-08 |
| CVE-2022-36091 | XWiki Platform Web Templates vulnerable to Missing Authorization and Exposure of Private Personal Information to an Unauthorized Actor | xwiki-platform | CWE-862 | 7.5 | High | 2022-09-08 |
| CVE-2022-36090 | org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users | xwiki-platform | CWE-285 | 8.1 | High | 2022-09-08 |

This page lists every published CVE security advisory associated with xwiki. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.