xwiki — Vulnerabilities & Security Advisories 243

Browse all 243 CVE security advisories affecting xwiki. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-31166 | XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups — xwiki-platform, CWE-269 | 8.1 | High | 2022-09-07 |
| CVE-2022-31167 | XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference — xwiki-platform, CWE-285 | 7.1 | High | 2022-09-07 |
| CVE-2022-29258 | Cross-site Scripting in Filter Stream Converter Application in XWiki Platform — xwiki-platform, CWE-80 | 7.4 | High | 2022-05-31 |
| CVE-2022-29251 | Cross-site Scripting in the Flamingo theme manager — xwiki-platform, CWE-80 | 7.4 | High | 2022-05-25 |
| CVE-2022-29252 | Cross-site Scripting in XWiki Platform Wiki UI Main Wiki — xwiki-platform, CWE-80 | 7.4 | High | 2022-05-25 |
| CVE-2022-29253 | Path Traversal in XWiki Platform — xwiki-platform, CWE-24 | 2.7 | Low | 2022-05-25 |
| CVE-2022-29161 | Crypto script service uses hashing algorithm SHA1 with RSA for certificate signature in xwiki-platform — xwiki-platform, CWE-327 | 5.4 | Medium | 2022-05-05 |
| CVE-2022-24897 | Arbitrary filesystem write access from Velocity — xwiki-commons, CWE-22 | 7.5 | High | 2022-05-02 |
| CVE-2022-24898 | Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml — xwiki-commons, CWE-611 | 4.9 | Medium | 2022-04-28 |
| CVE-2022-24820 | Unauthenticated user can list hidden document from multiple velocity templates — xwiki-platform, CWE-359 | 5.3 | Medium | 2022-04-08 |
| CVE-2022-24819 | Unauthenticated user can retrieve the list of users through uorgsuggest.vm — xwiki-platform, CWE-359 | 5.3 | Medium | 2022-04-08 |
| CVE-2022-24821 | Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx — xwiki-platform, CWE-648 | 6.8 | Medium | 2022-04-08 |
| CVE-2022-23622 | Cross site scripting in registration template in xwiki-platform — xwiki-platform, CWE-79 | 7.4 | High | 2022-02-09 |
| CVE-2022-23621 | Missing authorization in xwiki-platform — xwiki-platform, CWE-862 | 5.5 | Medium | 2022-02-09 |
| CVE-2022-23620 | Path traversal in xwiki-platform-skin-skinx — xwiki-platform, CWE-22 | 6.8 | Medium | 2022-02-09 |
| CVE-2022-23619 | Information exposure in xwiki-platform — xwiki-platform, CWE-200 | 5.3 | Medium | 2022-02-09 |
| CVE-2022-23618 | Open Redirect in xwiki-platform — xwiki-platform, CWE-601 | 4.7 | Medium | 2022-02-09 |
| CVE-2022-23617 | Missing authorization in xwiki-platform — xwiki-platform, CWE-862 | 6.5 | Medium | 2022-02-09 |
| CVE-2022-23616 | Remote code execution in xwiki-platform — xwiki-platform, CWE-74 | 8.8 | High | 2022-02-09 |
| CVE-2022-23615 | Partial authorization bypass on document save in xwiki-platform — xwiki-platform, CWE-863 | 5.4 | Medium | 2022-02-09 |
| CVE-2021-43841 | XSS by SVG upload in xwiki-platform — xwiki-platform, CWE-79 | 5.4 | Medium | 2022-02-04 |
| CVE-2021-32732 | Cross-Site Request Forgery in xwiki-platform — xwiki-platform, CWE-352 | 7.5 | High | 2022-02-04 |
| CVE-2021-32731 | The reset password form reveal users email address — xwiki-platform, CWE-200 | 5.3 | Medium | 2021-07-01 |
| CVE-2021-32730 | No CSRF protection on the password change form — xwiki-platform, CWE-352 | 5.7 | Medium | 2021-07-01 |
| CVE-2021-32729 | A user without PR can reset user authentication failures information — xwiki-platform, CWE-693 | 2.0 | Low | 2021-07-01 |
| CVE-2021-32620 | Users registered with email verification can self re-activate their disabled accounts — xwiki-platform, CWE-285 | 8.8 | High | 2021-05-28 |
| CVE-2021-32621 | Script injection without script or programming rights through Gadget titles — xwiki-platform, CWE-94 | 8.8 | High | 2021-05-28 |
| CVE-2021-29459 | XSS Cross Site Scripting — xwiki-platform, CWE-79 | 9.6 | Critical | 2021-04-20 |
| CVE-2021-21380 | Rating Script Service expose XWiki to SQL injection — xwiki-platform, CWE-89 | 7.7 | High | 2021-03-23 |
| CVE-2021-21379 | It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro — xwiki-platform, CWE-281 | 7.7 | High | 2021-03-12 |

This page lists every published CVE security advisory associated with xwiki. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.