Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / org.xwiki.platform

org.xwiki.platform

231 tracked vulnerabilities.

CVE-2024-43401 CRITICAL

XWiki Platform < 15.10-rc-1 - Unauthenticated Privilege Escalation via WYSIWYG Editor Payload

CVE-2024-43400 CRITICAL

XWiki < 14.10.21 - Stored Cross-Site Scripting via Crafted URL

CVE-2024-41947 CRITICAL

XWiki 11.8-15.10.7 - Stored Cross-Site Scripting via Edit Conflict

CVE-2024-37901 CRITICAL

XWiki 9.2-14.10.20 - Authenticated Remote Code Execution via SearchSuggestClass Instances

CVE-2024-37900 MEDIUM

XWiki 4.2-14.10.21 - Stored Cross-Site Scripting via Malicious Attachment Filename

CVE-2024-37898 MEDIUM

XWiki Platform 13.10.4-14.0 and 13.10.4-14.10.21 - Missing Authorization in Page Deletion

CVE-2024-38369 CRITICAL

XWiki Platform - Privilege Escalation

CVE-2024-37899 CRITICAL

XWiki Platform 13.10.3-14.10.20 - Authenticated Remote Code Execution via User Profile Disabling

CVE-2024-31997 CRITICAL

XWiki Platform <4.10.19, 15.5.4, 15.10-rc-1 - RCE

CVE-2024-31988 CRITICAL

XWiki Platform <4.10.19, 15.5.4, 15.10-rc-1 - RCE

CVE-2024-31987 CRITICAL

XWiki Platform <6.4-4.10.19, 15.5.4, 15.10-rc-1 - RCE

CVE-2024-31986 CRITICAL

XWiki Platform <4.10.19-15.10-rc-1 - RCE

CVE-2024-31985 MEDIUM

XWiki Platform <4.10.20-15.10-rc-1 - Info Disclosure

CVE-2024-31984 CRITICAL

XWiki Platform <4.10.20, 15.5.4, 15.10-rc-1 - RCE

CVE-2024-31983 CRITICAL

XWiki Platform <4.10.20, 15.5.4, 15.10-rc-1 - RCE

CVE-2024-31982 CRITICAL NUCLEI

XWiki Platform <4.10.20,15.5.4,15.10-rc-1 - RCE

CVE-2024-31981 CRITICAL

XWiki Platform <4.10.20, 15.5.4, 15.10-rc-1 - RCE

CVE-2024-31465 CRITICAL

XWiki 5.0-rc-1-14.10.19 - Authenticated Remote Code Execution via XWiki.SearchSuggestSourceClass Object Injection

CVE-2024-31464 MEDIUM

XWiki Platform 5.0-rc-1-14.10.18 - Authenticated Exposure of Sensitive Information via History Diff Feature

CVE-2024-21651 HIGH

XWiki 14.10-14.10.17 - Denial of Service via Malformed TAR File Attachment

CVE-2024-21648 HIGH

XWiki < 14.10.17, 15.0-rc-1-15.5.3 - Privilege Escalation via Rollback Action

CVE-2024-21650 CRITICAL NUCLEI

XWiki < 4.10.20 - Remote code execution

CVE-2023-50732 HIGH

XWiki 8.3-14.10.6 - Unauthenticated Velocity Script Execution via Document Tree

CVE-2023-50723 CRITICAL

XWiki Platform 2.3-14.10.5 - Authenticated Remote Code Execution via Administration Interface

CVE-2023-50722 CRITICAL

XWiki Platform 2.3-14.10.4 - Unauthenticated Remote Code Execution via Configurable Admin Section URL Parameter

Previous Page 3 of 10 Next

Products

xwiki-platform-oldcore 45 xwiki-platform-web-templates 23 xwiki-platform-web 15 xwiki-platform-administration-ui 11 xwiki-platform-rest-server 10 xwiki-platform-flamingo-skin-resources 6 xwiki-platform-appwithinminutes-ui 5 xwiki-platform-distribution-war 5 xwiki-platform-legacy-oldcore 5 xwiki-platform-attachment-ui 4 xwiki-platform-flamingo-theme-ui 4 xwiki-platform-livetable-ui 4 xwiki-platform-notifications-ui 4 xwiki-platform-scheduler-ui 4 xwiki-platform-search-ui 4 xwiki-platform-skin-skinx 4 xwiki-platform-wiki-ui-mainwiki 4 xwiki-platform-icon-ui 3 xwiki-platform-invitation-ui 3 xwiki-platform-panels-ui 3 xwiki-platform-search-solr-api 3 xwiki-platform-security-requiredrights-default 3 xwiki-platform 2 xwiki-platform-administration 2 xwiki-platform-filter-ui 2 xwiki-platform-help-ui 2 xwiki-platform-livedata-macro 2 xwiki-platform-localization-source-wiki 2 xwiki-platform-menu-ui 2 xwiki-platform-notifications-notifiers-default 2

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy