Skip to main content

Xwiki

223 CVEs product

Monthly

CVE-2022-41931 Maven HIGH POC PATCH This Week

xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-41930 Maven HIGH POC PATCH This Week

org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.2
EPSS
0.8%
CVE-2022-41929 Maven MEDIUM POC PATCH This Month

org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-41928 Maven HIGH POC PATCH This Week

XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-41927 Maven HIGH PATCH This Week

XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Xwiki
NVD GitHub
CVSS 3.1
7.4
EPSS
0.3%
CVE-2022-41937 Maven HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-41936 Maven HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-36100 Maven HIGH POC PATCH THREAT This Week

XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
73.6%
CVE-2022-36099 Maven HIGH POC PATCH THREAT This Week

XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
75.9%
CVE-2022-36098 Maven CRITICAL POC PATCH THREAT Act Now

XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
71.0%
CVE-2022-36097 Maven MEDIUM POC PATCH THREAT This Month

XWiki Platform Attachment UI provides a macro to easily upload and select attachments for XWiki Platform, a generic wiki platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
57.4%
CVE-2022-36096 Maven CRITICAL PATCH Act Now

The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
59.5%
CVE-2022-36095 Maven MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Xwiki
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-36094 Maven CRITICAL POC PATCH THREAT Act Now

XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
64.1%
CVE-2022-36093 Maven HIGH PATCH This Week

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2022-36092 Maven HIGH PATCH This Week

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-36091 Maven HIGH PATCH This Week

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-36090 Maven HIGH POC PATCH This Week

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-31167 Maven MEDIUM POC PATCH This Month

XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-31166 Maven HIGH POC PATCH This Week

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-29258 Maven MEDIUM PATCH This Month

XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-29253 Maven LOW PATCH Monitor

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Xwiki
NVD GitHub
CVSS 3.1
2.7
EPSS
1.0%
CVE-2022-29252 Maven MEDIUM PATCH This Month

XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-29251 Maven MEDIUM PATCH This Month

XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-29161 Maven CRITICAL PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-24897 Maven HIGH POC PATCH This Week

APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

Java Path Traversal Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-24820 Maven MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-24819 Maven MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
5.3
EPSS
3.3%
CVE-2022-24821 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-32731 Maven MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-32730 Maven MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

CSRF Xwiki
NVD GitHub
CVSS 3.1
5.7
EPSS
0.6%
CVE-2021-32729 Maven MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-32621 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-32620 Maven HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-29459 Maven MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-21380 Maven HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-21379 Maven MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-3137 Maven MEDIUM POC PATCH This Month

XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xwiki
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-13654 Maven HIGH PATCH This Week

XWiki Platform before 12.8 mishandles escaping in the property displayer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-15252 Maven HIGH POC PATCH This Week

In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
3.4%
CVE-2020-15171 Maven MEDIUM PATCH This Month

In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Java RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
6.6
EPSS
1.3%
CVE-2020-11057 HIGH POC PATCH This Week

In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2018-16277 Maven MEDIUM POC This Month

The Image Import function in XWiki through 10.7 has XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xwiki
NVD
CVSS 3.0
5.4
EPSS
0.6%
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python RCE Code Injection +1
NVD GitHub
EPSS 1% CVSS 8.2
HIGH POC PATCH This Week

org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM POC PATCH This Month

org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Xwiki
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Xwiki
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Xwiki
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Xwiki
NVD GitHub
EPSS 74% CVSS 8.8
HIGH POC PATCH THREAT This Week

XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection +1
NVD GitHub
EPSS 76% CVSS 8.8
HIGH POC PATCH THREAT This Week

XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection +1
NVD GitHub
EPSS 71% CVSS 9.0
CRITICAL POC PATCH THREAT Act Now

XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
EPSS 57% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

XWiki Platform Attachment UI provides a macro to easily upload and select attachments for XWiki Platform, a generic wiki platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
EPSS 59% CVSS 9.0
CRITICAL PATCH Act Now

The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Xwiki
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Xwiki
NVD GitHub
EPSS 64% CVSS 9.0
CRITICAL POC PATCH THREAT Act Now

XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
EPSS 1% CVSS 7.1
HIGH PATCH This Week

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Xwiki
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Xwiki
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xwiki
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Xwiki
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Xwiki
NVD GitHub
EPSS 1% CVSS 2.7
LOW PATCH Monitor

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Xwiki
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Xwiki
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Xwiki
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

Java Path Traversal Xwiki
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xwiki
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

CSRF Xwiki
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xwiki
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Xwiki
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Xwiki
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Xwiki
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xwiki
NVD Exploit-DB
EPSS 2% CVSS 7.5
HIGH PATCH This Week

XWiki Platform before 12.8 mishandles escaping in the property displayer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xwiki
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Code Injection +1
NVD GitHub
EPSS 1% CVSS 6.6
MEDIUM PATCH This Month

In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Java RCE Code Injection +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Python +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The Image Import function in XWiki through 10.7 has XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xwiki
NVD
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy