Filter
AND
-Infinity
0
Trending
maven/org.xwiki.platform:xwiki-platform-rest-serverorg.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API
9.8
EPSS
0.32%
First published (updated )
maven/org.xwiki.platform:xwiki-platform-help-uiXWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList
10
First published (updated )
XwikiXWiki allows remote code execution through the extension sheet
10
First published (updated )
maven/org.xwiki.platform:xwiki-platform-administration-uiXWiki allows RCE from script right in configurable sections
9.1
First published (updated )
maven/org.xwiki.platform:xwiki-platform-cryptoCrypto script service uses hashing algorithm SHA1 with RSA for certificate signature in xwiki-platform
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XwikiXWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list
First published (updated )
OpenID ConnectXWiki OIDC Authenticator vulnerable to OpenID login bypass due to improper authentication
9.1
First published (updated )
XwikiXWiki Platform Web Parent POM vulnerable to XSS in the attachment history
First published (updated )
XwikiXWiki Platform Wiki UI Main Wiki Eval Injection vulnerability
9.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XwikiXWiki Platform Mentions UI vulnerable to Cross-site Scripting
First published (updated )
XwikiXWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection
9.9
First published (updated )
XwikiXWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml
9.9
First published (updated )
Xwikiorg.xwiki.platform:xwiki-platform-user-profile-ui missing authorization to enable or disable users
9.1
First published (updated )
XwikiImproper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui
9.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XwikiImproper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-menu-ui
9.9
First published (updated )
XWiki CKEditor Integrationorg.xwiki.contrib:application-ckeditor-ui vulnerable to Remote Code Execution via Cross-Site Request Forgery
9.1
First published (updated )
maven/com.xwiki.confluencepro:application-confluence-migrator-pro-uiXWiki Confluence Migrator Pro allows Remote Code Execution via unescaped translations
9.1
EPSS
0.10%
First published (updated )
Xwikiorg.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
10
First published (updated )
XwikiXWiki Platform vulnerable to Remote Code Execution in Annotations
10
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XwikiXWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author
10
First published (updated )
XwikiXWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile
10
First published (updated )
XWikiXWiki Commons may allow privilege escalation to programming rights via user's first name
10
First published (updated )
XwikiXWiki Platform users may execute anything with superadmin right through comments and async macro
10
First published (updated )
XwikiImproper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-panels-ui
10
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.xwiki.platform:xwiki-platform-realtime-uiXWiki Platform CSRF remote code execution through the realtime HTML Converter API
9.7
EPSS
0.04%
First published (updated )
maven/org.xwiki.platform:xwiki-platform-search-solr-uiRemote code execution as guest via SolrSearchMacros request in xwiki
First published (updated )
maven/org.xwiki.platform:xwiki-platform-oldcoreorg.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors
9.1
First published (updated )
Xwikiorg.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability
9.1
First published (updated )
Xwikiorg.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability
9.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.