Filter
AND
XWikiXWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile
10
First published (updated )
XWikiXWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author
10
First published (updated )
XWikiorg.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
10
First published (updated )
XWikiXWiki Platform users may execute anything with superadmin right through comments and async macro
10
First published (updated )
XWikiXWiki Platform vulnerable to Remote Code Execution in Annotations
10
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XWikiImproper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-panels-ui
10
First published (updated )
maven/org.xwiki.platform:xwiki-platform-oldcoreCode injection in display method used in user profiles in xwiki-platform
10
First published (updated )
maven/org.xwiki.platform:xwiki-platform-administration-uiCode injection in template provider administration in xwiki-platform
10
First published (updated )
maven/org.xwiki.platform:xwiki-platform-rendering-async-macroAsync and display macro allow displaying and interacting with any document in restricted mode
10
First published (updated )
maven/org.xwiki.platform:xwiki-platform-flamingo-theme-uiorg.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation
9.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XWikiXWiki Platform Wiki UI Main Wiki Eval Injection vulnerability
9.9
First published (updated )
XWikiXWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection
9.9
First published (updated )
XWikixwiki-platform-administration-ui vulnerable to privilege escalation
9.9
First published (updated )
maven/org.xwiki.platform:xwiki-platform-invitation-uiCode injection from view right using Invitation.InvitationCommon in xwiki-platform
9.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.xwiki.platform:xwiki-platform-attachment-uiCode injection from view right on XWiki.AttachmentSelector in xwiki-platform
9.9
First published (updated )
maven/org.xwiki.platform:xwiki-platform-web-templatesCode injection in xwiki-platform-web-templates
9.9
First published (updated )
XWikiXWiki Platform has an SQL injection in getdocuments.vm with sort parameter
9.8
First published (updated )
maven/org.xwiki.platform:xwiki-platform-cryptoCrypto script service uses hashing algorithm SHA1 with RSA for certificate signature in xwiki-platform
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.xwiki.platform:xwiki-platform-attachment-uiCode injection in org.xwiki.platform:xwiki-platform-attachment-ui
9.1
First published (updated )
XWikiXWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list
First published (updated )
XWikiXWiki Platform Web Parent POM vulnerable to XSS in the attachment history
First published (updated )
XWikiXWiki Platform Mentions UI vulnerable to Cross-site Scripting
First published (updated )
XWikiorg.xwiki.platform:xwiki-platform-logging-ui Injection vulnerability
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XWikiXWiki Platform XSS with edit right in the create document form for existing pages
First published (updated )
XWikiXWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form
8.9
First published (updated )
XWikiXWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data
8.9
First published (updated )
XWikiXWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.