Filter
AND
Software
Xwiki XwikiXWiki Platform has an SQL injection in getdocuments.vm with sort parameter
9.8
First published (updated )
maven/org.xwiki.commons:xwiki-commons-velocityXWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution
10
EPSS
0.04%
First published (updated )
maven/org.xwiki.platform:xwiki-platform-uiextension-apiXWiki Platform remote code execution from account through UIExtension parameters
10
EPSS
0.04%
First published (updated )
Xwiki XwikiXWiki Platform: Remote code execution from account via SearchSuggestSourceSheet
10
EPSS
0.04%
First published (updated )
maven/org.xwiki.platform:xwiki-platform-realtime-uiXWiki Platform CSRF remote code execution through the realtime HTML Converter API
9.7
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.xwiki.platform:xwiki-platform-help-uiPrivilege escalation (PR) from account through TipsPanel
10
First published (updated )
Xwiki XwikiXWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template
9.1
First published (updated )
Xwiki XwikiPersistent Cross-site Scripting (XSS) through CKEditor Configuration pages in XWiki Platform
First published (updated )
Xwiki XwikiXWiki Platform's Mail.MailConfig can be edited by any user with edit rights
10
First published (updated )
Xwiki XwikiXWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application
9.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Xwiki XwikiXWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters
9.1
First published (updated )
Xwiki XwikiXPlatform Wiki vulnerable to cross-site scripting via xcontinue parameter in preview actions template
9.6
First published (updated )
Xwiki XwikiXWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults
10
First published (updated )
Xwiki XwikiXWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template
9.6
First published (updated )
Xwiki XwikiXWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template
9.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Xwiki XwikiXWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template
9.6
First published (updated )
Xwiki XwikiXWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
9.6
First published (updated )
Xwiki XwikiXWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page
9.6
First published (updated )
XWiki CommonsHTML sanitizer allows form elements in restricted in org.xwiki.commons:xwiki-commons-xml
First published (updated )
Xwiki XwikiCode injection in icon themes of XWiki Platform
10
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Xwiki XwikiCode injection through NotificationRSSService in XWiki Platform
10
First published (updated )
Xwiki XwikiUpgrading doesn't prevent exploiting vulnerable XWiki documents
10
First published (updated )
maven/org.xwiki.platform:xwiki-platform-flamingo-skin-resourcesReflected Cross-site scripting through revision parameter in content menu in XWiki Platform
9.6
First published (updated )
maven/org.xwiki.platform:xwiki-platform-administration-uiRemote code execution through the section parameter in Administration as guest in XWiki Platform
10
First published (updated )
maven/org.xwiki.platform:xwiki-platform-oldcoreCode injection in XWiki Platform
9.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Xwiki XwikiPrivilege escalation in Xwiki platform
9.1
First published (updated )
maven/org.xwiki.platform:xwiki-platform-oldcoreCode execution via the edit action in XWiki platform
10
First published (updated )
Xwiki Ckeditor Integrationorg.xwiki.contrib:application-ckeditor-ui vulnerable to Remote Code Execution via Cross-Site Request Forgery
9.1
First published (updated )
Xwiki Pdf Viewer Macromacro-pdfviewer has a XSS through the width parameter
9.1
First published (updated )
Xwiki XwikiXWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API
9.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.