Filter
AND
Versions
14.5
6
15.0
6
14.0
5
15.6
5
13.0
4
0.9.793
3
13.1
3
13.1-rc1
3
13.9
3
0.9.1252
2
0.9.543
2
0.9.790
2
0.9.840
2
1.0
2
14.0.0
2
14.4.0
2
14.4.3
2
14.4.4
2
14.6
2
6.0
2
1.0-b1
1
1.0-b2
1
1.1-rc1
1
1.3
1
1.3-rc1
1
1.8
1
10.7
1
11.6.1
1
11.7-rc1
1
12.0.0
1
12.10.11
1
12.10.2
1
12.10.5
1
12.10.6
1
12.7
1
13.0.0
1
13.10.4
1
13.10.8
1
13.2
1
13.3
1
13.4
1
13.4.0
1
13.4.4
1
13.6
1
13.7
1
13.9-rc1
1
14.10
1
14.10-rc1
1
14.10.8
1
14.2
1
14.4.5
1
14.7
1
15.0-rc1
1
15.6-rc1
1
15.7-rc1
1
16.0-rc-1
1
16.0.0
1
16.0.0-rc1
1
2.0-milestone2
1
2.3
1
2.4
1
3.0-milestone1
1
3.0-milestone2
1
3.0-milestone3
1
3.1
1
3.1.1
1
3.5
1
4.2
1
4.2-milestone-3
1
4.2-milestone3
1
5.0
1
5.0-milestone1
1
5.0.1
1
6.0-rc1
1
7.2
1
8.3-rc1
1
8.4
1
9.4-rc1
1
maven/org.xwiki.platform:xwiki-platform-web-templatesUsers can be created even when registration is disabled without validation via the template macro in xwiki-platform
First published (updated )
maven/org.xwiki.platform:xwiki-platform-localization-source-wikiPage render failure due to broken translations in xwiki-platform
6.5
First published (updated )
maven/org.xwiki.platform:xwiki-platform-scheduler-uiXWiki Platform CSRF in the job scheduler
5.4
EPSS
0.04%
First published (updated )
XWikiXWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader
6.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.xwiki.platform:xwiki-platform-oldcoreXWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted
6.8
EPSS
0.04%
First published (updated )
XWikiXWiki Platform's tags on non-viewable pages can be revealed to users
4.3
First published (updated )
maven/org.xwiki.platform:xwiki-platform-oldcoreVelocity execution without script rights in Xwiki platform
6.3
First published (updated )
maven/org.xwiki.platform:xwiki-platform-rest-serverXWiki Platform document history including authors of any page exposed to unauthorized actors
5.3
First published (updated )
maven/org.xwiki.platform:xwiki-platform-oldcoreorg.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XWikiThe search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote atta…
First published (updated )
XWikiXWiki Platform vulnerable to document deletion and overwrite from edit
4.3
First published (updated )
XWikiUsers with SCRIPT rights can execute arbitrary code in XWiki
6.6
First published (updated )
maven/org.xwiki.platform:xwiki-platform-tool-configuration-resourcesXSS by SVG upload in xwiki-platform
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XWikiThe reset password form reveal users email address
5.3
First published (updated )
XWikiNo CSRF protection on the password change form
5.7
First published (updated )
XWikiA user without PR can reset user authentication failures information
5.5
First published (updated )
XWikiExposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XWikiMissing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore
4.9
First published (updated )
XWikiPlaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default
6.5
First published (updated )
XWikiXWiki Cross-Site Request Forgery (CSRF) for actions on tags
4.3
First published (updated )
XWikiUnauthenticated user can list hidden document from multiple velocity templates
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XWikiUnauthenticated user can retrieve the list of users through uorgsuggest.vm
5.3
First published (updated )
maven/org.xwiki.platform:xwiki-platform-oldcoreOpen Redirect in xwiki-platform
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.