Filter
AND
Software
Xwiki XwikiXWiki Platform has an SQL injection in getdocuments.vm with sort parameter
9.8
First published (updated )
Xwiki Pdf Viewer Macromacro-pdfviewer has a XSS through the width parameter
9.1
First published (updated )
maven/org.xwiki.platform:xwiki-platform-oldcoreXWiki Platform allows XSS through XClass name in string properties
9.1
First published (updated )
maven/org.xwiki.platform:xwiki-platform-web-templatesIn XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
9.1
First published (updated )
Xwiki Pro MacrosPro Macros Remote Code Execution via Viewpdf and similar macros
10
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.xwiki.platform:xwiki-platform-web-templatesXWiki Platform XSS through conflict resolution
9.1
First published (updated )
maven/org.xwiki.platform:xwiki-platform-search-uiXWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet
10
First published (updated )
maven/org.xwiki.platform:xwiki-platform-rendering-macro-includeXWiki programming rights may be inherited by inclusion
10
First published (updated )
maven/org.xwiki.platform:xwiki-platform-uiextension-apiXWiki Platform remote code execution from account through UIExtension parameters
10
EPSS
0.04%
First published (updated )
maven/org.xwiki.commons:xwiki-commons-velocityXWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution
10
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.xwiki.platform:xwiki-platform-realtime-uiXWiki Platform CSRF remote code execution through the realtime HTML Converter API
9.7
EPSS
0.04%
First published (updated )
Xwiki XwikiXWiki Platform: Remote code execution from account via SearchSuggestSourceSheet
10
EPSS
0.04%
First published (updated )
maven/org.xwiki.platform:xwiki-platform-administration-uiXWiki Remote Code Execution vulnerability via user registration
10
EPSS
0.58%
First published (updated )
Xwiki XwikiXWiki Platform remote code execution/programming rights with configuration section from any user account
10
First published (updated )
Xwiki XwikiXWiki Platform XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass
9.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Xwiki XwikiXWiki Platform RCE from account through SearchAdmin
10
First published (updated )
maven/org.xwiki.contrib:xwiki-application-admintoolsXWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks
9.6
First published (updated )
Xwiki XwikiXWiki Platform sends cookies to external images in rendered diff and is vulnerable to server side request forgery
First published (updated )
maven/org.xwiki.platform:xwiki-platform-oldcoreCode execution via the edit action in XWiki platform
10
First published (updated )
maven/org.xwiki.platform:xwiki-platform-oldcoreCode injection in XWiki Platform
9.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Xwiki XwikiPrivilege escalation in Xwiki platform
9.1
First published (updated )
maven/org.xwiki.platform:xwiki-platform-administration-uiRemote code execution through the section parameter in Administration as guest in XWiki Platform
10
First published (updated )
maven/org.xwiki.platform:xwiki-platform-flamingo-skin-resourcesReflected Cross-site scripting through revision parameter in content menu in XWiki Platform
9.6
First published (updated )
Xwiki XwikiXWiki Platform XSS with edit right in the create document form for existing pages
First published (updated )
Xwiki XwikiXWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled
9.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Xwiki XwikiXWiki users can be tricked to execute scripts as the create page action doesn't display the page's title
First published (updated )
Xwiki XwikiXWiki Platform XSS vulnerability from account in the create page form via template provider
First published (updated )
Xwiki Xwikiorg.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter
10
First published (updated )
Xwiki Xwiki-renderingXWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro
10
First published (updated )
maven/org.xwiki.platform:xwiki-platform-menu-uiPrivilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet
10
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.