Filter
AND
maven/org.xwiki.platform:xwiki-platform-scheduler-uiXWiki Platform CSRF in the job scheduler
5.4
EPSS
0.04%
First published (updated )
XWikiXWiki Platform: Remote code execution through space title and Solr space facet
10
EPSS
0.04%
First published (updated )
maven/org.xwiki.platform:xwiki-platform-search-uiXWiki Platform: Remote code execution as guest via DatabaseSearch
10
EPSS
0.04%
First published (updated )
maven/org.xwiki.platform:xwiki-platform-oldcoreXWiki Platform: Privilege escalation (PR) from user registration through PDFClass
10
EPSS
0.04%
First published (updated )
XWikiXWiki Platform: Remote code execution from edit in multilingual wikis via translations
10
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.xwiki.platform:xwiki-platform-scheduler-uiXWiki Platform CSRF remote code execution through scheduler job's document reference
9.1
EPSS
0.04%
First published (updated )
maven/org.xwiki.platform:xwiki-platform-oldcoreXWiki Platform remote code execution from account via custom skins support
10
EPSS
0.04%
First published (updated )
XWikiXWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader
6.4
First published (updated )
maven/org.xwiki.commons:xwiki-commons-velocityXWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution
10
EPSS
0.04%
First published (updated )
maven/org.xwiki.platform:xwiki-platform-uiextension-apiXWiki Platform remote code execution from account through UIExtension parameters
10
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XWikiXWiki Platform: Remote code execution from account via SearchSuggestSourceSheet
10
EPSS
0.04%
First published (updated )
maven/org.xwiki.platform:xwiki-platform-oldcoreXWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted
6.8
EPSS
0.04%
First published (updated )
maven/org.xwiki.platform:xwiki-platform-realtime-uiXWiki Platform CSRF remote code execution through the realtime HTML Converter API
9.7
EPSS
0.04%
First published (updated )
XWikiXWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template
9.1
First published (updated )
XWikiPersistent Cross-site Scripting (XSS) through CKEditor Configuration pages in XWiki Platform
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XWikiXWiki Platform's Mail.MailConfig can be edited by any user with edit rights
10
First published (updated )
XWikiXWiki Platform may show email addresses in clear in REST results
7.5
First published (updated )
XWikiXWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults
10
First published (updated )
XWikiXWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template
9.6
First published (updated )
maven/org.xwiki.platform:xwiki-platform-oldcoreXWiki Platform vulnerable to reflected cross-site scripting via delattachment action
8.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XWikiXWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template
9.7
First published (updated )
XWikiXWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template
9.6
First published (updated )
XWikiXWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
9.6
First published (updated )
XWikiCode injection in icon themes of XWiki Platform
10
First published (updated )
XWikiCode injection through NotificationRSSService in XWiki Platform
10
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XWikiUpgrading doesn't prevent exploiting vulnerable XWiki documents
10
First published (updated )
maven/org.xwiki.platform:xwiki-platform-flamingo-skin-resourcesReflected Cross-site scripting through revision parameter in content menu in XWiki Platform
9.6
First published (updated )
maven/org.xwiki.platform:xwiki-platform-administration-uiRemote code execution through the section parameter in Administration as guest in XWiki Platform
10
First published (updated )
maven/org.xwiki.platform:xwiki-platform-oldcoreCode injection in XWiki Platform
9.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.