Filter
AND
-Infinity
0
Trending
XwikiData leak through a XAR import XXE attack in xwiki-platform-xar-model
7.7
First published (updated )
maven/org.xwiki.platform:xwiki-platform-livedata-macroorg.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Cross-site Scripting
8.9
First published (updated )
maven/org.xwiki.platform:xwiki-platform-vfs-uiCode injection from account/view through VFS Tree macro in xwiki-platform
8.8
First published (updated )
maven/org.xwiki.platform:xwiki-platform-appwithinminutes-uiCross-site scripting (XSS) in xwiki-platform
7.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.xwiki.platform:xwiki-platform-office-viewerExposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer
7.5
First published (updated )
XwikiUsers registered with email verification can self re-activate their disabled accounts
8.8
First published (updated )
XwikiXWiki Platform may retrieve email addresses of all users
7.5
First published (updated )
XwikiXWiki Platform may show email addresses in clear in REST results
7.5
First published (updated )
XwikiXWiki Platform vulnerable to cross-site scripting in target parameter via share page by email
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.xwiki.platform:xwiki-platform-oldcoreXWiki Platform vulnerable to reflected cross-site scripting via delattachment action
8.4
First published (updated )
maven/org.xwiki.contrib.changerequest:application-changerequest-defaultData leak of password hash through xwiki change request
7.7
First published (updated )
XWiki Application - CollaboraThe same file cannot be opened with different rights
7.4
First published (updated )
XWiki PDF Viewer MacroThe PDF viewer macro allows accessing any attachment without access right checks
7.5
First published (updated )
XWiki PDF Viewer Macromacro-pdfviewer's preview in WYSIWYG editor allows accessing any PDF document as the last author
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.xwiki.contrib:xwiki-application-admintoolsXWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries
8.8
First published (updated )
XwikiXWiki Platform Solr search discloses password hashes of all users
7.5
First published (updated )
maven/org.xwiki.platform:xwiki-platform-attachment-apiorg.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move
8.1
First published (updated )
XWiki PDF Viewer MacroThe PDF Viewer macro can be used to view PDF attachments with restricted access
7.7
EPSS
0.04%
First published (updated )
maven/org.xwiki.platform:xwiki-platform-webXWiki Platform before 12.8 mishandles escaping in the property displayer.
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XwikiScript injection without script or programming rights through Gadget titles
8.8
First published (updated )
XwikiIt's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro
7.7
First published (updated )
XwikiRating Script Service expose XWiki to SQL injection
8.8
First published (updated )
XwikiCreation of new database tables through login form on PostgreSQL
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
XwikiExposure of Private Personal Information to an Unauthorized Actor in xwiki-platform-rest-server
7.5
First published (updated )
XwikiXWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags
7.4
First published (updated )
XwikiXWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form
8.9
First published (updated )
XwikiXWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
8.5
First published (updated )
Xwikiorg.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.