Filter
AND
Versions
14.0
14
14.5
9
13.0
7
15.0
6
13.5
4
14.10
4
12.7
3
15.6
3
1.1
2
12.0
2
12.10
2
13.1
2
13.10
2
14.4.0
2
3.2-milestone3
2
6.4
2
0.9.1252
1
0.9.543
1
0.9.790
1
0.9.793
1
0.9.840
1
1.0-b1
1
1.0-b2
1
1.1-milestone3
1
1.1-milestone4
1
1.1-rc1
1
1.3
1
11.3.7
1
11.4
1
11.6
1
12.0.0
1
12.10.10
1
12.10.3
1
12.7.1
1
12.8
1
13.10.1
1
13.10.2
1
13.4
1
13.4.0
1
13.4.2
1
13.4.6
1
13.5.0
1
13.6
1
14.0.0
1
14.10-rc1
1
14.3
1
14.4
1
14.4.3
1
14.4.4
1
14.5.0
1
14.7-rc1
1
14.9-rc1
1
15.0-rc1
1
15.5
1
15.6-rc1
1
15.7-rc1
1
2.3
1
2.4
1
3.0
1
3.0-milestone3
1
3.0-rc1
1
3.0.1
1
3.1-milestone1
1
3.1-milestone2
1
3.1-rc1
1
3.1.1
1
3.2-milestone2
1
3.3
1
3.5-milestone1
1
3.5.1
1
5.0
1
5.3-milestone2
1
5.4
1
5.4.4
1
6.2.4
1
6.3-milestone2
1
6.3-rc1
1
6.4-milestone3
1
6.4-rc1
1
6.4.1
1
7.2-milestone2
1
7.2-milestone3
1
7.3
1
7.3-milestone1
1
7.4
1
8.0
1
8.1
1
8.3
1
maven/org.xwiki.platform:xwiki-platform-appwithinminutes-uiCross-site scripting (XSS) in xwiki-platform
7.7
First published (updated )
maven/org.xwiki.platform:xwiki-platform-office-viewerExposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer
7.5
First published (updated )
XWikiUsers registered with email verification can self re-activate their disabled accounts
8.8
First published (updated )
XWikiXWiki Platform may retrieve email addresses of all users
7.5
First published (updated )
XWikiXWiki Platform may show email addresses in clear in REST results
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XWikiXWiki Platform vulnerable to cross-site scripting in target parameter via share page by email
8.8
First published (updated )
maven/org.xwiki.platform:xwiki-platform-oldcoreXWiki Platform vulnerable to reflected cross-site scripting via delattachment action
8.4
First published (updated )
maven/org.xwiki.contrib:xwiki-application-admintoolsXWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries
8.8
First published (updated )
XWikiXWiki Platform Solr search discloses password hashes of all users
7.5
First published (updated )
maven/org.xwiki.platform:xwiki-platform-attachment-apiorg.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.xwiki.platform:xwiki-platform-webXWiki Platform before 12.8 mishandles escaping in the property displayer.
7.5
First published (updated )
XWikiScript injection without script or programming rights through Gadget titles
8.8
First published (updated )
XWikiIt's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro
7.7
First published (updated )
XWikiRating Script Service expose XWiki to SQL injection
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XWikiCreation of new database tables through login form on PostgreSQL
7.5
First published (updated )
XWikiExposure of Private Personal Information to an Unauthorized Actor in xwiki-platform-rest-server
7.5
First published (updated )
XWikiXWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags
7.4
First published (updated )
XWikiXWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form
8.9
First published (updated )
XWikiXWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
8.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XWikiorg.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users
8.1
First published (updated )
XWikiXWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action
7.5
First published (updated )
XWikiXWiki Platform Web Templates vulnerable to Missing Authorization and Exposure of Private Personal Information to an Unauthorized Actor
7.5
First published (updated )
XWikiXWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups
8.8
First published (updated )
XWikiXWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference
7.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XWikiCross-site Scripting in Filter Stream Converter Application in XWiki Platform
7.4
First published (updated )
XWikiCross-site Scripting in the Flamingo theme manager
7.4
First published (updated )
XWikiCross-site Scripting in XWiki Platform Wiki UI Main Wiki
7.4
First published (updated )
XWikiIncorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.