Filter
-Infinity
0
Trending
Software
maven/org.xwiki.platform:xwiki-platform-rest-serverorg.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API
9.8
EPSS
0.32%
First published (updated )
maven/org.xwiki.platform:xwiki-platform-oldcoreorg.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API
8.8
EPSS
0.05%
First published (updated )
maven/org.xwiki.platform:xwiki-platform-messagestreamXWiki allows unregistered users to see "public" messages from a closed wiki via notifications from a different wiki
4.7
EPSS
0.06%
First published (updated )
XWiki JIRA ExtensionThe XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server
7.7
EPSS
0.03%
First published (updated )
XWiki PlatformThe WikiManager REST API allows any user to create wikis
7.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XWiki PlatformXWiki allows unregistered users to access private pages information through REST endpoint
8.7
First published (updated )
maven/org.xwiki.platform:xwiki-platform-security-authorization-apiXWiki uses the wrong wiki reference in AuthorizationManager
8.7
First published (updated )
XWiki Confluence Migrator ProXWiki Confluence Migrator Pro's homepage is public
7.5
EPSS
0.05%
First published (updated )
maven/com.xwiki.confluencepro:application-confluence-migrator-pro-uiXWiki Confluence Migrator Pro allows Remote Code Execution via unescaped translations
9.1
EPSS
0.10%
First published (updated )
maven/org.xwiki.platform:xwiki-platform-search-solr-uiRemote code execution as guest via SolrSearchMacros request in xwiki
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XwikiXWiki.org XWiki SolrSearchMacros text Command Injection Remote Code Execution Vulnerability
First published (updated )
XwikiZDI-24-1697: XWiki.org XWiki SolrSearchMacros text Command Injection Remote Code Execution Vulnerability
First published (updated )
maven/org.xwiki.platform:xwiki-platform-administration-uiXWiki allows RCE from script right in configurable sections
9.1
First published (updated )
maven/org.xwiki.platform:xwiki-platform-help-uiXWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList
10
First published (updated )
XwikiXWiki's scheduler in subwiki allows scheduling operations for any main wiki user
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XwikiXWiki Platform has an SQL injection in getdocuments.vm with sort parameter
9.8
First published (updated )
XwikiXWiki allows remote code execution through the extension sheet
10
First published (updated )
XWiki PDF Viewer Macromacro-pdfviewer's preview in WYSIWYG editor allows accessing any PDF document as the last author
7.5
First published (updated )
XWiki PDF Viewer MacroThe PDF viewer macro allows accessing any attachment without access right checks
7.5
First published (updated )
XWiki PDF Viewer Macromacro-pdfviewer has a XSS through the width parameter
9.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.xwiki.platform:xwiki-platform-notifications-uiData leak of notification filters of users in XWiki Platform
5.3
First published (updated )
maven/org.xwiki.platform:xwiki-platform-notifications-uiMissing checks for notification filter preferences editions in XWiki Platform
6.5
First published (updated )
maven/org.xwiki.platform:xwiki-platform-rest-serverXWiki Platform document history including authors of any page exposed to unauthorized actors
5.3
First published (updated )
maven/org.xwiki.platform:xwiki-platform-oldcoreXWiki Platform allows XSS through XClass name in string properties
9.1
First published (updated )
maven/org.xwiki.platform:xwiki-platform-web-templatesIn XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
9.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XWikiPro Macros Remote Code Execution via Viewpdf and similar macros
10
First published (updated )
maven/org.xwiki.platform:xwiki-platform-web-templatesXWiki Platform XSS through conflict resolution
First published (updated )
maven/org.xwiki.platform:xwiki-platform-search-uiXWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet
10
First published (updated )
XwikiXWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader
6.4
First published (updated )
XwikiXWiki Platform vulnerable to document deletion and overwrite from edit
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.