Product

xwiki

271 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-51846
>= 2025.3.1 and < 2026.2.2
CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny ser
7.5HIGH
CVE-2026-40105
>= 10.4 and < 16.10.16
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 10.4-rc-1, throu
6.1MEDIUM
CVE-2026-40104
>= 1.8 and < 16.10.16
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0
8.2HIGH
CVE-2026-33229
>= 17.0.0 and < 17.4.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10
9.8CRITICAL
CVE-2026-26000
< 16.10.13
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.9.0, 17.4.6,
6.1MEDIUM
CVE-2026-24128
all versions
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 7.0-milestone-2
6.1MEDIUM
CVE-2025-66474
< 16.10.10
XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another
8.8HIGH
CVE-2025-66473
< 16.10.11
XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17
7.5HIGH
CVE-2025-66472
>= 6.2 and < 16.10.10
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-milestone-1
6.1MEDIUM
CVE-2025-65036
< 1.27.1
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the m
8.3HIGH
CVE-2025-55749
>= 16.7.0 and < 16.10.11
XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWik
7.5HIGH
CVE-2025-65089
< 1.27.0
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.
6.8MEDIUM
CVE-2025-55728
>= 1.0 and < 1.26.5
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.
10.0CRITICAL
CVE-2025-55727
>= 1.0 and < 1.26.5
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.
10.0CRITICAL
CVE-2025-55748
>= 4.3 and < 16.10.7
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone
7.5HIGH
CVE-2025-55747
>= 6.2 and < 16.10.7
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-mileston
9.1CRITICAL
CVE-2025-58049
>= 14.4.2 and < 16.4.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 t
5.8MEDIUM
CVE-2025-51991
<= 17.3.0
XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection (SSTI) in the Administration interface, specifically
8.8HIGH
CVE-2025-51990
<= 17.3.0
XWiki through version 17.3.0 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities in the Administration inter
4.8MEDIUM
CVE-2025-54125
>= 1.1 and < 16.4.7
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old
6.5MEDIUM
CVE-2025-54124
>= 9.8 and < 16.4.7
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old
6.5MEDIUM
CVE-2025-32430
>= 4.3 and < 16.4.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone
6.1MEDIUM
CVE-2025-54385
< 16.10.6
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions between 17.0.
9.8CRITICAL
CVE-2025-32429
>= 9.4 and < 16.10.6
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 thro
9.8CRITICAL
CVE-2025-53836
>= 4.3 and < 13.10.11
XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another
9.9CRITICAL
CVE-2025-53835
>= 5.4.5 and < 14.10
XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another
9.0CRITICAL
CVE-2025-49591
< 2025.3.0
CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be tr
9.1CRITICAL
CVE-2025-49590
< 2025.3.0
CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs
6.1MEDIUM
CVE-2025-49587
>= 15.9 and < 15.10.16
XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Co
8.0HIGH
CVE-2025-49586
>= 7.3 and < 16.4.7
XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes application (the
8.8HIGH
CVE-2025-49585
< 15.10.16
XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0-rc-1 through 16.4.6, and 16.5.0-rc-1 through 16.10.1, when a
8.0HIGH
CVE-2025-49584
>= 10.9 and < 16.4.7
XWiki is a generic wiki platform. In XWiki Platform versions 10.9 through 16.4.6, 16.5.0-rc-1 through 16.10.2, and 17.0.0-rc-1, th
7.5HIGH
CVE-2025-49583
< 15.10.16
XWiki is a generic wiki platform. When a user without script right creates a document with an `XWiki.Notifications.Code.Notificati
3.5LOW
CVE-2025-49582
>= 15.9 and < 16.4.7
XWiki is a generic wiki platform. When editing content that contains "dangerous" macros like malicious script macros that were aut
8.0HIGH
CVE-2025-49581
>= 11.10.11 and < 12.0
XWiki is a generic wiki platform. Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Pytho
8.8HIGH
CVE-2025-49580
>= 7.4.5 and < 16.4.7
XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming
8.0HIGH
CVE-2024-56158
>= 1.0 and < 15.10.16
XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using the function like DBMS_XMLGEN or DBMS_
9.8CRITICAL
CVE-2025-48063
>= 16.10.0 and < 16.10.4
XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can
8.8HIGH
CVE-2025-46558
>= 8.2 and < 8.9
XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. In versio
9.0CRITICAL
CVE-2025-46557
>= 15.3 and < 15.10.14
XWiki is a generic wiki platform. In versions starting from 15.3-rc-1 to before 15.10.14, from 16.0.0-rc-1 to before 16.4.6, and f
9.8CRITICAL
CVE-2025-46554
>= 1.8.1 and < 14.10.22
XWiki is a generic wiki platform. In versions starting from 1.8.1 to before 14.10.22, from 15.0-rc-1 to before 15.10.12, from 16.0
5.3MEDIUM
CVE-2025-32974
>= 15.9 and < 15.10.8
XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the
9.0CRITICAL
CVE-2025-32973
>= 15.9 and < 15.10.12
XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and f
9.0CRITICAL
CVE-2025-32972
>= 6.2 and < 15.10.12
XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3,
2.7LOW
CVE-2025-32971
>= 4.5.1 and < 15.10.13
XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from
3.8LOW
CVE-2025-32970
>= 13.5 and < 15.10.13
XWiki is a generic wiki platform. In versions starting from 13.5-rc-1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and f
6.1MEDIUM
CVE-2025-32969
>= 1.8 and < 15.10.16
XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a r
9.8CRITICAL
CVE-2025-32968
>= 1.6 and < 15.10.16
XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possibl
8.8HIGH
CVE-2025-32783
>= 5.0 and <= 16.7.1
XWiki Platform is a generic wiki platform. A vulnerability in versions from 5.0 to 16.7.1 affects users with Message Stream enable
4.7MEDIUM
CVE-2025-29926
>= 5.4.1 and < 15.10.15
XWiki Platform is a generic wiki platform. Prior to 15.10.15, 16.4.6, and 16.10.0, any user can exploit the WikiManager REST API t
9.8CRITICAL
CVE-2025-29925
>= 1.9 and < 15.10.14
XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting
5.3MEDIUM
CVE-2025-29924
>= 6.1 and < 15.10.14
XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, it's possible for an user to get access to
7.5HIGH
CVE-2025-24893
>= 5.4 and < 15.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arb
9.8CRITICAL
CVE-2025-23025
>= 13.9 and < 15.10.12
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. NOTE: The Realtime WYSIWY
9.0CRITICAL
CVE-2024-55879
>= 2.3 and < 15.10.9
XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rig
9.1CRITICAL
CVE-2024-55877
>= 9.7 and < 15.10.11
XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any us
9.9CRITICAL
CVE-2024-55876
>= 1.2.1 and < 15.10.9
XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user
5.4MEDIUM
CVE-2024-55663
>= 6.4 and < 13.10.5
XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in `ge
9.8CRITICAL
CVE-2024-55662
>= 3.3 and < 15.10.9
XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instan
9.9CRITICAL
CVE-2024-52300
< 2.5.6
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly e
9.0CRITICAL
CVE-2024-52299
< 2.5.6
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can acces
7.5HIGH
CVE-2024-52298
< 2.5.6
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachme
7.5HIGH
CVE-2024-46979
>= 13.2 and < 14.10.21
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get acce
5.3MEDIUM
CVE-2024-46978
>= 13.2 and < 14.10.21
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any use
6.5MEDIUM
CVE-2024-45591
>= 1.8 and < 15.10.9
XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the n
5.3MEDIUM
CVE-2024-43401
<= 15.9
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/pro
9.0CRITICAL
CVE-2024-43400
< 14.10.21
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user
9.0CRITICAL
CVE-2024-42489
>= 1.0 and < 1.10.1
Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the `CKEditor
10.0CRITICAL
CVE-2024-41947
>= 11.8 and < 15.10.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict wh
9.0CRITICAL
CVE-2024-37901
>= 9.2 and < 14.10.21
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right
9.9CRITICAL
CVE-2024-37900
> 4.2 and < 14.10.21
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When uploading an attachm
6.4MEDIUM
CVE-2024-37898
>= 13.10.4 and < 14.0
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but
4.3MEDIUM
CVE-2024-38369
>= 1.5 and < 15.0
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document
9.9CRITICAL
CVE-2024-37899
>= 13.10.3 and < 14.10.21
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a
9.0CRITICAL
CVE-2024-31997
< 14.10.19
XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are alwa
9.9CRITICAL
CVE-2024-31996
>= 3.0.1 and < 14.10.19
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HT
10.0CRITICAL
CVE-2024-31988
>= 13.9 and < 14.10.19
XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, wh
9.6CRITICAL
CVE-2024-31987
>= 6.4 and < 14.10.19
XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc
9.9CRITICAL
CVE-2024-31986
>= 3.1.1 and < 14.10.19
XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creat
9.0CRITICAL
CVE-2024-31985
>= 3.1.1 and < 14.10.19
XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is po
5.4MEDIUM
CVE-2024-31984
>= 7.3 and < 14.10.20
XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by
9.9CRITICAL
CVE-2024-31983
>= 4.3.1 and < 14.10.20
XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circu
9.9CRITICAL
CVE-2024-31982
>= 2.4 and < 14.10.20
XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc
10.0CRITICAL
CVE-2024-31981
>= 3.0.1 and < 14.10.19
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote
9.9CRITICAL
CVE-2024-31465
>= 5.3 and < 14.10.20
XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any
9.9CRITICAL
CVE-2024-31464
>= 5.0 and < 14.10.19
XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it
6.8MEDIUM
CVE-2024-21651
>= 14.10 and < 14.10.18
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a f
7.5HIGH
CVE-2024-21648
< 14.10.17
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is mi
8.0HIGH
CVE-2024-21650
< 14.10.17
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a
10.0CRITICAL
CVE-2023-50732
>= 8.3 and < 14.10.7
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute
8.3HIGH
CVE-2023-50723
>= 2.3 and < 14.10.5
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can e
9.9CRITICAL
CVE-2023-50722
>= 2.3 and < 14.10.5
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a refle
9.6CRITICAL
CVE-2023-50721
>= 4.5 and < 14.10.5
XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search
9.9CRITICAL
CVE-2023-50720
< 14.10.5
XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discl
5.3MEDIUM
CVE-2023-50719
>= 7.3 and < 14.10.5
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the
7.5HIGH
CVE-2023-49280
>= 0.1 and < 1.10
XWiki Change Request is an XWiki application allowing to request changes on a wiki without publishing directly the changes. Change
7.7HIGH
CVE-2023-48293
< 4.5.1
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Prior to version 4.5.1, a cross-site request
8.8HIGH
CVE-2023-48241
>= 6.4 and < 14.10.5
XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 14.10.15, 15.5.1, and 15.6RC1
7.5HIGH
CVE-2023-48240
>= 11.10.1 and < 14.10.15
XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not dis
9.0CRITICAL
CVE-2023-46243
>= 1.0 and < 14.10.6
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's
9.9CRITICAL
CVE-2023-46244
>= 3.3 and < 14.10.7
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's
9.1CRITICAL
CVE-2023-46242
>= 1.0 and < 14.10.7
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's
9.6CRITICAL
CVE-2023-38509
>= 3.5 and < 14.10.9
XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1
4.3MEDIUM
CVE-2023-46732
>= 9.7 and < 14.10.14
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to re
9.6CRITICAL
CVE-2023-46731
< 14.10.14
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly es
10.0CRITICAL
CVE-2023-45137
>= 3.1.1 and < 13.4
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki
9.0CRITICAL
CVE-2023-45136
>= 12.0 and < 14.10.12
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are v
9.6CRITICAL
CVE-2023-45135
>= 7.3 and < 14.10.12
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In `org.xwiki.platform:xw
9.0CRITICAL
CVE-2023-45134
>= 3.1.1 and < 13.4
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki
9.0CRITICAL
CVE-2023-37913
>= 3.5 and < 14.10.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-m
9.9CRITICAL
CVE-2023-37912
< 14.10.6
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version
9.9CRITICAL
CVE-2023-37911
> 9.4 and <= 14.10.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-r
6.5MEDIUM
CVE-2023-37910
>= 14.0 and < 14.4.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introdu
8.1HIGH
CVE-2023-37909
>= 5.1 and < 14.10.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-r
9.9CRITICAL
CVE-2023-37908
>= 14.6 and < 14.10.4
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of a
9.0CRITICAL
CVE-2023-45138
>= 0.11 and < 1.9.2
Change Request is an application allowing users to request changes on a wiki without publishing the changes directly. Starting in v
10.0CRITICAL
CVE-2023-41046
>= 7.2 and < 14.10.10
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible in XWiki t
6.3MEDIUM
CVE-2023-40573
< 14.10.9
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled
9.0CRITICAL
CVE-2023-40572
< 14.10.9
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vuln
9.0CRITICAL
CVE-2023-40177
>= 4.3.1 and < 14.10.5
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can u
9.9CRITICAL
CVE-2023-40176
>= 4.1.1 and < 14.10.5
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can e
9.0CRITICAL
CVE-2023-37914
>= 2.5 and < 14.4.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view `In
9.9CRITICAL
CVE-2023-37462
>= 7.0 and < 14.4.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the
9.9CRITICAL
CVE-2023-37277
>= 1.8 and < 14.10.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows execu
9.6CRITICAL
CVE-2023-36477
>= 14.6 and < 14.10.6
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights
9.0CRITICAL
CVE-2023-36470
>= 6.2 and < 14.10.6
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By either creating a new
9.9CRITICAL
CVE-2023-36469
>= 9.6 and < 14.10.6
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit the
9.9CRITICAL
CVE-2023-36468
>= 2.0 and < 14.10.7
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installatio
9.9CRITICAL
CVE-2023-36471
>= 14.6 and < 14.10.6
Xwiki commons is the common modules used by other XWiki top level projects. The HTML sanitizer that is included in XWiki since ver
9.0CRITICAL
CVE-2023-35162
>= 6.2 and < 14.10.5
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a
9.6CRITICAL
CVE-2023-35161
>= 6.2.1 and < 14.10.5
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a
9.6CRITICAL
CVE-2023-35160
>= 3.0 and < 14.10.5
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a
9.6CRITICAL
CVE-2023-35159
>= 3.5 and < 14.10.5
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a
9.6CRITICAL
CVE-2023-35158
>= 9.4 and < 14.10.5
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a
9.6CRITICAL
CVE-2023-35157
< 14.10.6
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to perform
8.4HIGH
CVE-2023-35156
>= 6.0.1 and < 14.10.6
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a
9.6CRITICAL
CVE-2023-35155
< 14.4.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a
8.8HIGH
CVE-2023-35153
>= 5.4.4 and < 14.4.8
XWiki Platform is a generic wiki platform. Starting in version 5.4.4 and prior to versions 14.4.8, 14.10.4, and 15.0, a stored cro
9.0CRITICAL
CVE-2023-35152
>= 12.9 and < 14.4.8
XWiki Platform is a generic wiki platform. Starting in version 12.9-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any logg
9.9CRITICAL
CVE-2023-35151
>= 7.4 and < 14.4.8
XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny
7.5HIGH
CVE-2023-35150
>= 2.5 and < 14.4.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m
9.9CRITICAL
CVE-2023-34467
>= 3.5.1 and < 14.4.8
XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-
7.5HIGH
CVE-2023-34466
>= 5.0.1 and < 14.4.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-m
4.3MEDIUM
CVE-2023-34465
>= 11.8.1 and < 14.4.8
XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, `Mail.Ma
9.9CRITICAL
CVE-2023-34464
>= 2.2.1 and < 14.4.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.2.1
9.0CRITICAL
CVE-2023-35166
>= 8.1 and < 14.10.5
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute
9.9CRITICAL
CVE-2023-32068
< 14.10.4
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 14.1
4.7MEDIUM
CVE-2023-32070
<= 14.5
XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attrib
9.0CRITICAL
CVE-2023-32071
>= 2.3 and < 14.4.8
XWiki Platform is a generic wiki platform. Starting in versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc
9.0CRITICAL
CVE-2023-32069
>= 3.4 and < 14.10.4
XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it's p
9.9CRITICAL
CVE-2023-31126
>= 14.6 and < 14.10.4
org.xwiki.commons:xwiki-commons-xml is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduce
9.0CRITICAL
CVE-2023-29528
>= 4.3 and < 14.10
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner
9.0CRITICAL
CVE-2023-29527
>= 7.4.4 and < 14.10.3
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions a us
9.9CRITICAL
CVE-2023-29526
>= 10.11.1 and < 13.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's
9.9CRITICAL
CVE-2023-29525
< 14.4.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of xwik
9.9CRITICAL
CVE-2023-29524
< 14.10.3
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute
9.9CRITICAL
CVE-2023-29523
< 13.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit the
9.9CRITICAL
CVE-2023-29522
< 14.4.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights
9.9CRITICAL
CVE-2023-29521
< 13.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights
8.4HIGH
CVE-2023-29520
< 13.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break ma
4.3MEDIUM
CVE-2023-29519
< 13.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can per
9.0CRITICAL
CVE-2023-29518
< 13.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights
9.9CRITICAL
CVE-2023-29517
< 13.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The office document viewe
7.5HIGH
CVE-2023-29516
< 13.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights
9.9CRITICAL
CVE-2023-29515
< 13.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a
7.7HIGH
CVE-2023-29514
< 13.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights
9.9CRITICAL
CVE-2023-29513
< 14.10.1
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. If guest has view right o
5.0MEDIUM
CVE-2023-29512
< 13.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights
9.9CRITICAL
CVE-2023-29510
< 14.10.2
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In XWiki, every user can
9.9CRITICAL
CVE-2023-29213
> 4.2 and < 13.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of `
9.0CRITICAL
CVE-2023-30537
>= 12.6.6 and < 13.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with the right t
9.9CRITICAL
CVE-2023-29511
>= 1.7 and < 13.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights
9.9CRITICAL
CVE-2023-29509
< 13.10.11
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly acce
9.9CRITICAL
CVE-2023-29508
< 13.10.11
XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce
8.9HIGH
CVE-2023-29507
>= 14.4.1 and < 14.4.7
XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a
9.1CRITICAL
CVE-2023-29506
>= 13.10.8 and < 13.10.11
XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using
5.4MEDIUM
CVE-2023-29214
< 13.10.11
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbi
9.9CRITICAL
CVE-2023-29212
>= 14.0 and < 14.4.7
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbi
9.9CRITICAL
CVE-2023-29211
< 13.10.11
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights `WikiManager.Del
9.9CRITICAL
CVE-2023-29210
< 13.10.11
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly acce
9.9CRITICAL
CVE-2023-29209
>= 10.9 and < 13.10.11
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly acce
9.9CRITICAL
CVE-2023-29208
>= 1.1 and < 13.10.11
XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken i
7.5HIGH
CVE-2023-29207
>= 1.9 and < 13.10.10
XWiki Commons are technical libraries common to several other top level XWiki projects. The Livetable Macro wasn't properly saniti
8.9HIGH
CVE-2023-29206
> 3.0 and <= 14.8
XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check in the author of a Java
9.0CRITICAL
CVE-2023-29205
<= 14.7
XWiki Commons are technical libraries common to several other top level XWiki projects. The HTML macro does not systematically per
9.9CRITICAL
CVE-2023-29204
>= 6.0 and < 13.10.10
XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing secu
4.7MEDIUM
CVE-2023-29203
>= 13.9 and < 13.10.8
XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are n
3.7LOW
CVE-2023-29202
> 1.8 and <= 14.5
XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki inc
9.0CRITICAL
CVE-2023-29201
>= 5.0 and <= 14.5
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner
9.0CRITICAL
CVE-2023-27480
> 1.1 and < 13.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any
7.7HIGH
CVE-2023-27479
> 6.3 and < 13.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any
9.9CRITICAL
CVE-2023-26476
>= 3.3 and < 13.4.4
XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repe
7.5HIGH
CVE-2023-26475
> 2.3 and < 13.10.11
XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the cont
9.9CRITICAL
CVE-2023-26474
>= 13.10 and < 13.10.11
XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document conte
9.9CRITICAL
CVE-2023-26473
>= 1.3 and < 13.10.11
XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database s
6.5MEDIUM
CVE-2023-26472
>= 6.2.1 and < 13.10.10
XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of
9.9CRITICAL
CVE-2023-26471
>= 11.6 and < 13.10.10
XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of s
9.9CRITICAL
CVE-2023-26470
< 14.0
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the
5.7MEDIUM
CVE-2023-26056
>= 3.1 and < 13.10.10
XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right o
5.4MEDIUM
CVE-2023-26055
>= 3.2 and < 13.10.9
XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any u
9.9CRITICAL
CVE-2023-26480
>= 12.10 and < 13.10.10
XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-si
8.9HIGH
CVE-2023-26479
>= 6.0 and < 13.10.10
XWiki Platform is a generic wiki platform. Starting in version 6.0, users with write rights can insert well-formed content that is
6.5MEDIUM
CVE-2023-26478
>= 14.3 and < 14.4.6
XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, `org.xwiki.store.script.TemporaryAttachmentsScriptServic
6.6MEDIUM
CVE-2023-26477
>= 6.2.4 and < 13.10.10
XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax
10.0CRITICAL
CVE-2023-22457
< 1.64.3
CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3, the CKEditor.HTMLConverter
9.0CRITICAL
CVE-2022-41933
> 13.1 and < 13.10.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the `reset a forgott
6.2MEDIUM
CVE-2022-41932
< 13.10.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWi
7.5HIGH
CVE-2022-41935
>= 12.10.11 and < 13.10.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right t
5.3MEDIUM
CVE-2022-41934
< 13.10.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights
9.9CRITICAL
CVE-2022-41931
> 6.4 and < 13.10.7
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). An
9.9CRITICAL
CVE-2022-41930
>= 12.4 and < 13.10.7
org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not)
7.5HIGH
CVE-2022-41929
> 11.7 and < 13.10.7
org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly autho
4.9MEDIUM
CVE-2022-41928
> 5.0 and < 13.10.7
XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentS
9.9CRITICAL
CVE-2022-41927
> 3.2 and < 13.10.7
XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needin
7.4HIGH
CVE-2022-41937
< 13.10.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows an
9.6CRITICAL
CVE-2022-41936
>= 8.1 and < 13.10.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The modifications rest
5.3MEDIUM
CVE-2022-36100
>= 1.7 and < 13.10.6
XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with v
9.9CRITICAL
CVE-2022-36099
>= 5.4 and < 13.10.6
XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with versi
9.9CRITICAL
CVE-2022-36098
>= 12.5 and < 13.10.6
XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. S
8.9HIGH
CVE-2022-36097
>= 14.0 and < 14.3
XWiki Platform Attachment UI provides a macro to easily upload and select attachments for XWiki Platform, a generic wiki platform.
8.9HIGH
CVE-2022-36096
>= 2.3 and < 13.10.6
The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a
8.9HIGH
CVE-2022-36095
>= 2.3 and < 13.10.6
XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forg
4.3MEDIUM
CVE-2022-36094
>= 1.0 and < 13.10.6
XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Starting with version 1.0 an
8.9HIGH
CVE-2022-36093
>= 8.0 and < 13.10.5
XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution
8.5HIGH
CVE-2022-36092
< 13.10.4
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rig
7.5HIGH
CVE-2022-36091
>= 1.3 and < 13.10.4
XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Through the suggestion feature, string and
7.5HIGH
CVE-2022-36090
>= 1.1 and < 13.10.5
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 13.1.0.5 and 14.3-rc-1, s
8.1HIGH
CVE-2022-31167
>= 5.0 and < 12.10.11
XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5
7.1HIGH
CVE-2022-31166
>= 11.3.7 and < 13.10.4
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Starting in versions 11.3.7, 11.0.3, and 12
8.1HIGH
CVE-2022-29258
>= 5.4.4 and < 12.10.11
XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with se
7.4HIGH
CVE-2022-29253
>= 8.4 and < 13.10.3
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3
2.7LOW
CVE-2022-29252
>= 5.4 and < 12.10.11
XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI
7.4HIGH
CVE-2022-29251
>= 6.2.4 and < 12.10.11
XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with version
7.4HIGH
CVE-2022-29161
< 13.10.6
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will
5.4MEDIUM
CVE-2022-24897
>= 2.3 and < 12.6.7
APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prio
7.5HIGH
CVE-2022-24898
>= 2.7 and < 12.10.10
org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior t
4.9MEDIUM
CVE-2022-24820
< 12.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the
5.3MEDIUM
CVE-2022-24819
< 12.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the
5.3MEDIUM
CVE-2022-24821
>= 12.0.0 and < 12.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create g
6.8MEDIUM
CVE-2022-23622
<= 12.10.10
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions ther
7.4HIGH
CVE-2022-23621
< 12.10.9
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any
5.5MEDIUM
CVE-2022-23620
<= 13.6
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions Abst
6.8MEDIUM
CVE-2022-23619
< 12.10.9
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's
5.3MEDIUM
CVE-2022-23618
<= 12.10.6
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions ther
4.7MEDIUM
CVE-2022-23617
<= 12.10.5
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any
6.5MEDIUM
CVE-2022-23616
>= 3.1.1 and <= 13.1
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's
8.8HIGH
CVE-2022-23615
>= 1.0 and < 13.0
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any
5.4MEDIUM
CVE-2021-43841
>= 1.0 and < 12.10.6
XWiki is a generic wiki platform offering runtime services for applications built on top of it. When using default XWiki configura
5.4MEDIUM
CVE-2021-32732
< 12.10.5
It's possible to know if a user has or not an account in a wiki related to an email address, and which username(s) is a
7.5HIGH
CVE-2021-32731
all versions
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Between (and including) v
5.3MEDIUM
CVE-2021-32730
< 12.10.5
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forg
5.7MEDIUM
CVE-2021-32729
>= 11.6.1 and < 12.6.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in
2.0LOW
CVE-2021-32621
>= 3.0.1 and < 12.6.7
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 12.6
8.8HIGH
CVE-2021-32620
>= 11.6 and < 11.10.13
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 11.1
8.8HIGH
CVE-2021-29459
< 12.6.3
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persist
9.6CRITICAL
CVE-2021-21380
>= 6.4.1 and <= 12.8
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of X
7.7HIGH
CVE-2021-21379
>= 11.4 and < 11.10.11
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of X
7.7HIGH
CVE-2021-3137
all versions
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.
5.4MEDIUM
CVE-2020-13654
< 12.8
XWiki Platform before 12.8 mishandles escaping in the property displayer.
7.5HIGH
CVE-2020-15252
< 11.10.6
In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the applicat
8.5HIGH
CVE-2020-15171
< 11.10.5
In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the applic
6.6MEDIUM
CVE-2020-11057
>= 7.2 and <= 11.10.2
In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groov
9.9CRITICAL
CVE-2019-15302
< 3.0.0
The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with edit
6.5MEDIUM
CVE-2018-16277
<= 10.7
The Image Import function in XWiki through 10.7 has XSS.
5.4MEDIUM
CVE-2017-1000051
<= 1.1.0
Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbit
6.1MEDIUM
CVE-2010-4642
<= 2.4
Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or
CVE-2010-4641
<= 2.4
SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecifi
CVE-2007-4898
<= 1.1_rc1
Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1 Enterprise RC2 allows remote authenticated users, with admin
CVE-2007-4888
all versions
The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content
CVE-2006-7223
all versions
PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a docu
CVE-2005-4862
all versions
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive info