Filters
maven/org.xwiki.platform:xwiki-platform-distribution-warXWiki Denial of Service attack through attachments
7.5
EPSS
0.05%
First published (updated )
Xwiki XwikiXWiki has no right protection on rollback action
8.8
EPSS
0.06%
First published (updated )
maven/org.xwiki.platform:xwiki-platform-index-tree-macroVelocity execution without script right through tree macro
8.3
First published (updated )
Xwiki XwikiXWiki Platform Solr search discloses password hashes of all users
7.5
First published (updated )
maven/org.xwiki.contrib.changerequest:application-changerequest-defaultData leak of password hash through xwiki change request
7.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.xwiki.contrib:xwiki-application-admintoolsXWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries
8.8
First published (updated )
Xwiki XwikiXWiki exposed whole content of all documents of all wikis to anybody with view right on Solr suggest service
7.5
First published (updated )
Xwiki Application-collaboraThe same file cannot be opened with different rights
7.4
First published (updated )
Xwiki Xwikiorg.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move
8.1
First published (updated )
Xwiki XwikiXWiki Platform vulnerable to cross-site scripting in target parameter via share page by email
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Xwiki XwikiCVE-2023-34465
First published (updated )
Xwiki XwikiXWiki Platform vulnerable to reflected cross-site scripting via delattachment action
8.4
First published (updated )
Xwiki XwikiXWiki Platform may show email addresses in clear in REST results
7.5
First published (updated )
Xwiki XwikiXWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions…
7.5
First published (updated )
Xwiki XwikiExposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Xwiki XwikiCross-site scripting (XSS) in xwiki-platform
7.7
First published (updated )
Xwiki XwikiCode injection from account/view through VFS Tree macro in xwiki-platform
8.8
First published (updated )
Xwiki Xwikiorg.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Cross-site Scripting
8.9
First published (updated )
Xwiki XwikiData leak through a XAR import XXE attack in xwiki-platform-xar-model
7.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Xwiki XwikiIn XWiki Platform, saving a document with a large object number leads to persistent OOM errors
7.5
First published (updated )
Xwiki XwikiTwo XWiki Platform UIs Expose Sensitive Information to an Unauthorized Actor
7.5
First published (updated )
Xwiki Xwikiorg.xwiki.platform:xwiki-platform-store-filesystem-oldcore has Exposed Dangerous Method or Function
8.1
First published (updated )
Xwiki XwikiXWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data
8.9
First published (updated )
Xwiki Xwikiorg.xwiki.platform:xwiki-platform-user-profile-ui missing authorization to enable or disable users
8.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Xwiki XwikiCreation of new database tables through login form on PostgreSQL
7.5
First published (updated )
Xwiki XwikiXWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags
7.4
First published (updated )
Xwiki XwikiExposure of Private Personal Information to an Unauthorized Actor in xwiki-platform-rest-server
7.5
First published (updated )
Xwiki XwikiXWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form
8.9
First published (updated )
Xwiki XwikiXWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
8.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Xwiki XwikiXWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action
7.5
First published (updated )
Xwiki XwikiXWiki Platform Web Templates vulnerable to Missing Authorization and Exposure of Private Personal Information to an Unauthorized Actor
7.5
First published (updated )
Xwiki Xwikiorg.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users
8.1
First published (updated )
Xwiki XwikiXWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups
8.8
First published (updated )
Xwiki XwikiXWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference
7.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Xwiki XwikiCross-site Scripting in Filter Stream Converter Application in XWiki Platform
7.4
First published (updated )
Xwiki XwikiCross-site Scripting in the Flamingo theme manager
7.4
First published (updated )
Xwiki XwikiCross-site Scripting in XWiki Platform Wiki UI Main Wiki
7.4
First published (updated )
Xwiki XwikiArbitrary filesystem write access from Velocity
7.5
First published (updated )
Xwiki XwikiIncorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Xwiki XwikiCross site scripting in registration template in xwiki-platform
7.4
First published (updated )
Xwiki XwikiCross-Site Request Forgery in xwiki-platform
7.5
First published (updated )
Xwiki XwikiUsers registered with email verification can self re-activate their disabled accounts
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Xwiki XwikiScript injection without script or programming rights through Gadget titles
8.8
First published (updated )
Xwiki XwikiRating Script Service expose XWiki to SQL injection
8.8
First published (updated )
Xwiki XwikiIt's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro
7.7
First published (updated )
Xwiki XwikiXWiki Platform before 12.8 mishandles escaping in the property displayer.
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.