Skip to main content

Xwiki

223 CVEs product

Monthly

CVE-2026-26000 Maven MEDIUM PATCH This Month

Xwiki versions up to 17.9.0 is affected by improper restriction of rendered ui layers or frames (CVSS 6.1).

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-24128 Maven MEDIUM POC PATCH This Month

Reflected XSS in XWiki Platform versions 7.0 through 17.7.0 enables attackers to craft malicious URLs that execute arbitrary actions with victim privileges, potentially leading to full installation compromise if the victim holds administrative or programming rights. The vulnerability requires user interaction to trigger and affects multiple version branches across the XWiki and XWiki Rendering products. Patches are available for affected versions, and a manual workaround exists that requires modification of a single line in the logging_macros.vm template without requiring a restart.

XSS Xwiki Xwiki Rendering
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-55749 Maven HIGH POC PATCH This Week

XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package (XJetty), a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials. Fixed in 16.10.11, 17.4.4, and 17.7.0.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2025-55748 Maven CRITICAL POC PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
CVSS 4.0
9.3
EPSS
0.6%
CVE-2025-55747 Maven CRITICAL POC PATCH GHSA Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
CVSS 4.0
9.3
EPSS
2.0%
CVE-2025-58049 Maven MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-51991 HIGH POC This Week

XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection (SSTI) in the Administration interface, specifically within the HTTP Meta Info field of the Global Preferences. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Information Disclosure Apache XSS Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2025-51990 MEDIUM POC This Month

XWiki through version 17.3.0 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities in the Administration interface, specifically under the Presentation section of the Global. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xwiki
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-54125 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-54124 Maven HIGH POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-32430 Maven MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 4.0
6.5
EPSS
0.1%
CVE-2025-53835 Maven CRITICAL PATCH Act Now

A cross-site scripting vulnerability in version 5.4.5 and (CVSS 9.0). Critical severity with potential for significant impact on affected systems. Vendor patch is available.

XSS Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
1.6%
CVE-2025-49587 Maven HIGH POC PATCH This Week

Stored XSS vulnerability in XWiki affecting versions before 15.10.16, 16.4.7, and 16.10.2. An unprivileged user can inject malicious content into the NotificationDisplayerClass object of a document, which is then rendered as raw HTML when an administrator edits and saves the document, enabling XSS attacks with high integrity and confidentiality impact. The vulnerability requires low attack complexity and user interaction (admin action), with a CVSS score of 8.0 indicating significant real-world risk.

XSS Xwiki
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2025-49586 Maven HIGH POC PATCH This Week

A remote code execution vulnerability in XWiki (CVSS 8.8). Risk factors: public PoC available. Vendor patch is available.

RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
4.6%
CVE-2025-49585 Maven HIGH POC PATCH This Week

A security vulnerability in versions (CVSS 8.0). Risk factors: public PoC available. Vendor patch is available.

RCE Privilege Escalation Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2025-49584 Maven HIGH POC PATCH This Week

A security vulnerability in XWiki Platform (CVSS 7.5) that allows an attacker. Risk factors: public PoC available. Vendor patch is available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-49582 Maven HIGH POC PATCH This Week

XWiki's macro rights analyzer introduced in version 15.9RC1 contains incomplete validation that allows attackers to hide malicious script macros (Groovy, Python) by exploiting non-lowercase parameter handling and unanalyzed macro parameters. An authenticated attacker with limited privileges can inject hidden malicious macros that execute when a higher-privileged user edits the page, enabling remote code execution. This vulnerability affects XWiki versions 15.9RC1 through 16.4.6, 16.10.0-16.10.2, and 16.x-17.0.0-rc1, with patches available in versions 16.4.7, 16.10.3, and 17.0.0.

Python RCE Xwiki
NVD GitHub
CVSS 3.1
8.0
EPSS
0.6%
CVE-2025-49581 Maven HIGH POC PATCH This Week

Critical privilege escalation vulnerability in XWiki that allows any user with page edit rights to execute arbitrary code (Groovy, Python, Velocity) with programming-level privileges by creating malicious wiki macros. An attacker can exploit wiki macro parameter defaults to inject code into high-privilege pages like XWiki.ChildrenMacro, achieving full XWiki installation compromise. The vulnerability affects XWiki versions prior to 16.4.7, 16.10.3, and 17.0.0; patch availability is confirmed across multiple release branches.

Python RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2025-49580 Maven HIGH POC PATCH GHSA This Week

Privilege escalation vulnerability in XWiki where pages can unexpectedly gain script or programming rights when they contain links to pages that are subsequently renamed or moved. This allows attackers with low privileges to execute arbitrary scripts embedded in XObjects that should have been restricted, potentially leading to complete system compromise. The vulnerability affects XWiki versions 8.2 through 17.0.x and requires user interaction (page visit) to trigger, with patches available in 17.1.0-rc-1, 16.10.4, and 16.4.7.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-56158 Maven CRITICAL PATCH Act Now

Critical SQL injection vulnerability in XWiki that allows unauthenticated remote attackers to execute arbitrary SQL queries against Oracle databases by exploiting insufficient validation of native SQL functions (DBMS_XMLGEN, DBMS_XMLQUERY) in Hibernate query processing. The vulnerability affects XWiki versions before 16.10.2, 16.4.7, and 15.10.16, with a CVSS score of 9.8 indicating critical severity and complete compromise of confidentiality, integrity, and availability. This is a pre-authentication remote code execution vector with no user interaction required.

Oracle Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-48063 Maven MEDIUM POC PATCH Monitor

XWiki is a generic wiki platform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Authentication Bypass Xwiki
NVD GitHub
CVSS 4.0
4.8
EPSS
4.9%
CVE-2025-46558 Maven CRITICAL POC PATCH Act Now

XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
3.0%
CVE-2025-46557 Maven HIGH PATCH This Week

XWiki is a generic wiki platform. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Xwiki
NVD GitHub
CVSS 4.0
8.4
EPSS
0.4%
CVE-2025-46554 Maven MEDIUM POC PATCH This Month

XWiki is a generic wiki platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-32974 Maven CRITICAL PATCH Act Now

XWiki is a generic wiki platform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
1.4%
CVE-2025-32973 Maven CRITICAL POC PATCH Act Now

XWiki is a generic wiki platform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
2.2%
CVE-2025-32972 Maven LOW PATCH Monitor

XWiki is a generic wiki platform. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
2.7
EPSS
0.1%
CVE-2025-32971 Maven LOW POC PATCH Monitor

XWiki is a generic wiki platform. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
3.8
EPSS
0.1%
CVE-2025-32970 Maven MEDIUM POC PATCH This Month

XWiki is a generic wiki platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-32969 Maven CRITICAL POC PATCH THREAT Act Now

XWiki is a generic wiki platform. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.9%.

SQLi Xwiki
NVD GitHub
CVSS 4.0
9.3
EPSS
26.9%
Threat
4.2
CVE-2025-32968 Maven HIGH POC PATCH This Week

XWiki is a generic wiki platform. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Xwiki
NVD GitHub
CVSS 4.0
8.6
EPSS
0.9%
CVE-2025-32783 Maven MEDIUM POC This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-29926 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 4.0
7.9
EPSS
1.5%
CVE-2025-29925 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2025-29924 Maven HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Xwiki
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-24893 Maven CRITICAL POC KEV PATCH THREAT Act Now

XWiki Platform allows unauthenticated remote code execution through the SolrSearch endpoint, enabling guests to execute arbitrary code and compromise the entire XWiki installation.

RCE Code Injection Xwiki
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
93.9%
Threat
7.8
CVE-2025-23025 Maven CRITICAL PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
2.2%
CVE-2024-55879 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-55877 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-55876 Maven MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-55663 Maven HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Xwiki
NVD GitHub
CVSS 4.0
8.6
EPSS
0.7%
CVE-2024-55662 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-46979 Maven MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-46978 Maven MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-45591 Maven MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
5.3
EPSS
3.4%
CVE-2024-43401 Maven HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Xwiki
NVD GitHub
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-43400 Maven MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-41947 Maven MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.7%
CVE-2024-37901 Maven HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-37900 Maven MEDIUM POC PATCH THREAT This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
4.6
EPSS
15.8%
CVE-2024-37898 Maven MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-38369 Maven MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-37899 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Atlassian Xwiki
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-31997 Maven HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
73.9%
CVE-2024-31996 Maven CRITICAL POC PATCH Act Now

XWiki Platform is a generic wiki platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Xwiki
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-31988 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Python CSRF Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-31987 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-31986 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-31985 Maven MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-31984 Maven HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
83.0%
CVE-2024-31983 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-31982 Maven CRITICAL POC PATCH THREAT Act Now

XWiki Platform is a generic wiki platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Xwiki
NVD GitHub
CVSS 3.1
9.8
EPSS
34.3%
CVE-2024-31981 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-31465 Maven HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
75.6%
CVE-2024-31464 Maven MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-21651 Maven HIGH PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-21648 Maven HIGH PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-21650 Maven CRITICAL POC PATCH THREAT Act Now

XWiki Platform prior to specific patched versions contains a CVSS 10.0 remote code execution vulnerability through the user registration form. Attackers inject Groovy code into the first name or last name fields, which is executed server-side when the user profile page is rendered.

RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
10.0
EPSS
92.5%
Threat
6.3
CVE-2023-50732 Maven MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
6.3
EPSS
0.5%
CVE-2023-50723 Maven HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-50722 Maven HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-50721 Maven HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
78.8%
CVE-2023-50720 Maven MEDIUM POC PATCH THREAT This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
5.3
EPSS
59.1%
CVE-2023-50719 Maven HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
83.5%
CVE-2023-48293 Maven HIGH PATCH This Week

The XWiki Admin Tools Application provides tools to help the administration of XWiki. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-48241 Maven HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
72.8%
CVE-2023-48240 Maven HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-46243 Maven HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-46244 Maven HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-46242 Maven HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-38509 Maven MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-46732 Maven MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2023-46731 Maven CRITICAL POC PATCH THREAT Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
9.8
EPSS
88.5%
CVE-2023-45137 Maven MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-45136 Maven CRITICAL POC PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Xwiki
NVD GitHub
CVSS 3.1
9.6
EPSS
5.1%
CVE-2023-45135 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Xwiki
NVD GitHub
CVSS 3.1
8.0
EPSS
1.7%
CVE-2023-45134 Maven CRITICAL POC PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
1.8%
CVE-2023-37913 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Path Traversal Microsoft Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-37911 Maven MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-37910 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Xwiki versions up to 17.9.0 is affected by improper restriction of rendered ui layers or frames (CVSS 6.1).

XSS Xwiki
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

Reflected XSS in XWiki Platform versions 7.0 through 17.7.0 enables attackers to craft malicious URLs that execute arbitrary actions with victim privileges, potentially leading to full installation compromise if the victim holds administrative or programming rights. The vulnerability requires user interaction to trigger and affects multiple version branches across the XWiki and XWiki Rendering products. Patches are available for affected versions, and a manual workaround exists that requires modification of a single line in the logging_macros.vm template without requiring a restart.

XSS Xwiki Xwiki Rendering
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package (XJetty), a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials. Fixed in 16.10.11, 17.4.4, and 17.7.0.

Authentication Bypass Xwiki
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
EPSS 2% CVSS 9.3
CRITICAL POC PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection (SSTI) in the Administration interface, specifically within the HTTP Meta Info field of the Global Preferences. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Information Disclosure Apache +2
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC This Month

XWiki through version 17.3.0 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities in the Administration interface, specifically under the Presentation section of the Global. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xwiki
NVD GitHub
EPSS 1% CVSS 8.7
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
EPSS 2% CVSS 9.0
CRITICAL PATCH Act Now

A cross-site scripting vulnerability in version 5.4.5 and (CVSS 9.0). Critical severity with potential for significant impact on affected systems. Vendor patch is available.

XSS Xwiki
NVD GitHub
EPSS 0% CVSS 8.0
HIGH POC PATCH This Week

Stored XSS vulnerability in XWiki affecting versions before 15.10.16, 16.4.7, and 16.10.2. An unprivileged user can inject malicious content into the NotificationDisplayerClass object of a document, which is then rendered as raw HTML when an administrator edits and saves the document, enabling XSS attacks with high integrity and confidentiality impact. The vulnerability requires low attack complexity and user interaction (admin action), with a CVSS score of 8.0 indicating significant real-world risk.

XSS Xwiki
NVD GitHub
EPSS 5% CVSS 8.8
HIGH POC PATCH This Week

A remote code execution vulnerability in XWiki (CVSS 8.8). Risk factors: public PoC available. Vendor patch is available.

RCE Xwiki
NVD GitHub
EPSS 0% CVSS 8.0
HIGH POC PATCH This Week

A security vulnerability in versions (CVSS 8.0). Risk factors: public PoC available. Vendor patch is available.

RCE Privilege Escalation Code Injection +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

A security vulnerability in XWiki Platform (CVSS 7.5) that allows an attacker. Risk factors: public PoC available. Vendor patch is available.

Information Disclosure Xwiki
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC PATCH This Week

XWiki's macro rights analyzer introduced in version 15.9RC1 contains incomplete validation that allows attackers to hide malicious script macros (Groovy, Python) by exploiting non-lowercase parameter handling and unanalyzed macro parameters. An authenticated attacker with limited privileges can inject hidden malicious macros that execute when a higher-privileged user edits the page, enabling remote code execution. This vulnerability affects XWiki versions 15.9RC1 through 16.4.6, 16.10.0-16.10.2, and 16.x-17.0.0-rc1, with patches available in versions 16.4.7, 16.10.3, and 17.0.0.

Python RCE Xwiki
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

Critical privilege escalation vulnerability in XWiki that allows any user with page edit rights to execute arbitrary code (Groovy, Python, Velocity) with programming-level privileges by creating malicious wiki macros. An attacker can exploit wiki macro parameter defaults to inject code into high-privilege pages like XWiki.ChildrenMacro, achieving full XWiki installation compromise. The vulnerability affects XWiki versions prior to 16.4.7, 16.10.3, and 17.0.0; patch availability is confirmed across multiple release branches.

Python RCE Xwiki
NVD GitHub
EPSS 0% CVSS 8.0
HIGH POC PATCH This Week

Privilege escalation vulnerability in XWiki where pages can unexpectedly gain script or programming rights when they contain links to pages that are subsequently renamed or moved. This allows attackers with low privileges to execute arbitrary scripts embedded in XObjects that should have been restricted, potentially leading to complete system compromise. The vulnerability affects XWiki versions 8.2 through 17.0.x and requires user interaction (page visit) to trigger, with patches available in 17.1.0-rc-1, 16.10.4, and 16.4.7.

Information Disclosure Xwiki
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Critical SQL injection vulnerability in XWiki that allows unauthenticated remote attackers to execute arbitrary SQL queries against Oracle databases by exploiting insufficient validation of native SQL functions (DBMS_XMLGEN, DBMS_XMLQUERY) in Hibernate query processing. The vulnerability affects XWiki versions before 16.10.2, 16.4.7, and 15.10.16, with a CVSS score of 9.8 indicating critical severity and complete compromise of confidentiality, integrity, and availability. This is a pre-authentication remote code execution vector with no user interaction required.

Oracle Information Disclosure Xwiki
NVD GitHub
EPSS 5% CVSS 4.8
MEDIUM POC PATCH Monitor

XWiki is a generic wiki platform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Authentication Bypass Xwiki
NVD GitHub
EPSS 3% CVSS 9.0
CRITICAL POC PATCH Act Now

XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
EPSS 0% CVSS 8.4
HIGH PATCH This Week

XWiki is a generic wiki platform. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Xwiki
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

XWiki is a generic wiki platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
EPSS 1% CVSS 9.0
CRITICAL PATCH Act Now

XWiki is a generic wiki platform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
EPSS 2% CVSS 9.0
CRITICAL POC PATCH Act Now

XWiki is a generic wiki platform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
EPSS 0% CVSS 2.7
LOW PATCH Monitor

XWiki is a generic wiki platform. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Xwiki
NVD GitHub
EPSS 0% CVSS 3.8
LOW POC PATCH Monitor

XWiki is a generic wiki platform. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

XWiki is a generic wiki platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Xwiki
NVD GitHub
EPSS 27% 4.2 CVSS 9.3
CRITICAL POC PATCH THREAT Act Now

XWiki is a generic wiki platform. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.9%.

SQLi Xwiki
NVD GitHub
EPSS 1% CVSS 8.6
HIGH POC PATCH This Week

XWiki is a generic wiki platform. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Xwiki
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM POC This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
EPSS 1% CVSS 7.9
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Xwiki
NVD GitHub
EPSS 94% 7.8 CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

XWiki Platform allows unauthenticated remote code execution through the SolrSearch endpoint, enabling guests to execute arbitrary code and compromise the entire XWiki installation.

RCE Code Injection Xwiki
NVD GitHub Exploit-DB
EPSS 2% CVSS 9.0
CRITICAL PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Xwiki
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Xwiki
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
EPSS 1% CVSS 8.6
HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
EPSS 1% CVSS 8.0
HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Xwiki
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
EPSS 2% CVSS 5.4
MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection RCE Xwiki
NVD GitHub
EPSS 16% CVSS 4.6
MEDIUM POC PATCH THREAT This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Xwiki
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Xwiki
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Atlassian +1
NVD GitHub
EPSS 74% CVSS 8.8
HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Xwiki
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

XWiki Platform is a generic wiki platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Python CSRF +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Xwiki
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Xwiki
NVD GitHub
EPSS 83% CVSS 8.8
HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Xwiki
NVD GitHub
EPSS 34% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

XWiki Platform is a generic wiki platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Xwiki
NVD GitHub
EPSS 76% CVSS 8.8
HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Information Disclosure Xwiki
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xwiki
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Xwiki
NVD GitHub
EPSS 0% CVSS 8.0
HIGH PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
EPSS 93% 6.3 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

XWiki Platform prior to specific patched versions contains a CVSS 10.0 remote code execution vulnerability through the user registration form. Attackers inject Groovy code into the first name or last name fields, which is executed server-side when the user profile page is rendered.

RCE Code Injection Xwiki
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Xwiki
NVD GitHub
EPSS 79% CVSS 8.8
HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Xwiki
NVD GitHub
EPSS 59% CVSS 5.3
MEDIUM POC PATCH THREAT This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xwiki
NVD GitHub
EPSS 84% CVSS 7.5
HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xwiki
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The XWiki Admin Tools Application provides tools to help the administration of XWiki. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Xwiki
NVD GitHub
EPSS 73% CVSS 7.5
HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Xwiki
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Xwiki
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
EPSS 89% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Xwiki
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
EPSS 5% CVSS 9.6
CRITICAL POC PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Xwiki
NVD GitHub
EPSS 2% CVSS 8.0
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Xwiki
NVD GitHub
EPSS 2% CVSS 9.0
CRITICAL POC PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Path Traversal Microsoft +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy