xwikisas — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting xwikisas. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-65036 | XWiki Remote Macros vulnerable to remote code execution using the confluence details summary macro | xwiki-pro-macros | CWE-862 | 8.3 | High | 2025-12-05 |
| CVE-2025-65089 | XWiki view file macro: User can view content of office file without view rights on the attachment | xwiki-pro-macros | CWE-862 | 6.8 | Medium | 2025-11-19 |
| CVE-2025-54990 | XWiki AdminTools application doesn't set permissions on the AdminTools space | application-admintools | CWE-276 | 5.3 | Medium | 2025-11-18 |
| CVE-2025-55730 | XWiki Remote Macros vulnerable to remote code execution using the confluence paste code macro | xwiki-pro-macros | CWE-116 | 10.0 | Critical | 2025-09-09 |
| CVE-2025-55729 | XWiki Remote Macros vulnerable to remote code execution using the ConfluenceLayoutSection macro | xwiki-pro-macros | CWE-116 | 10.0 | Critical | 2025-09-09 |
| CVE-2025-55728 | XWiki Remote Macros vulnerable to remote code execution using the panel macro | xwiki-pro-macros | CWE-95 | 10.0 | Critical | 2025-09-09 |
| CVE-2025-55727 | XWiki Remote Macros vulnerable to remote code execution from width parameter in the column macro | xwiki-pro-macros | CWE-95 | 10.0 | Critical | 2025-09-09 |
| CVE-2025-48885 | application-urlshortener users can create arbitrary pages as long as they have view access to them | application-urlshortener | CWE-352 | 4.3 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-27604 | XWiki Confluence Migrator Pro's homepage is public | application-confluence-migrator-pro | CWE-200 | 7.5 | High | 2025-03-07 |
| CVE-2025-27603 | XWiki Confluence Migrator Pro allows Remote Code Execution via unescaped translations | application-confluence-migrator-pro | CWE-95 | 9.1 | Critical | 2025-03-07 |
| CVE-2024-52298 | macro-pdfviewer's preview in WYSIWYG editor allows accessing any PDF document as the last author | macro-pdfviewer | CWE-615 | 7.5 | High | 2024-11-13 |
| CVE-2024-52299 | The PDF viewer macro allows accessing any attachment without access right checks | macro-pdfviewer | CWE-340 | 7.5 | High | 2024-11-13 |
| CVE-2024-52300 | macro-pdfviewer has a XSS through the width parameter | macro-pdfviewer | CWE-80 | 9.1 | Critical | 2024-11-13 |
| CVE-2024-42489 | Pro Macros Remote Code Execution via Viewpdf and similar macros | xwiki-pro-macros | CWE-74 | 10.0 | Critical | 2024-08-12 |
| CVE-2024-30263 | The PDF Viewer macro can be used to view PDF attachments with restricted access | macro-pdfviewer | CWE-200 | 7.7 | High | 2024-04-04 |
| CVE-2024-26138 | License information is public, exposing instance id and license holder details | application-licensing | CWE-862 | 5.3 | Medium | 2024-02-21 |
| CVE-2023-46743 | The same file cannot be opened with different rights | application-collabora | CWE-276 | 7.4 | High | 2023-11-09 |
| CVE-2023-45144 | Remote code execution from login screen through unescaped URL parameter in OAuth Identity XWiki App | identity-oauth | CWE-79 | 10.0 | Critical | 2023-10-16 |

This page lists every published CVE security advisory associated with xwikisas. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.