org.xwiki.platform
231 tracked vulnerabilities.
CVE-2023-50721
CRITICAL
XWiki Platform 4.5-14.10.5 - Remote Code Execution via Search UI Extension Injection
Dec 15, 2023
CVSS 9.9
EPSS 0.43
CVE-2023-50720
MEDIUM
NUCLEI
XWiki Platform < 14.10.15 - Unauthenticated Exposure of Sensitive Information via Solr Search
Dec 15, 2023
CVSS 5.3
EPSS 0.50
CVE-2023-50719
HIGH
NUCLEI
XWiki Platform 7.2-milestone-2-14.10.14 - Unauthenticated Exposure of Sensitive Information via Solr Search
Dec 15, 2023
CVSS 7.5
EPSS 0.51
CVE-2023-48241
HIGH
NUCLEI
XWiki Platform 6.3-milestone-2-14.10.15 - Unauthenticated Information Disclosure via Solr Search Suggestion Provider
Nov 20, 2023
CVSS 7.5
EPSS 0.69
CVE-2023-48240
CRITICAL
XWiki 11.10.1-14.10.14 - Cookie Theft and Server-Side Request Forgery via Diff Image Embedding
Nov 20, 2023
CVSS 9.0
EPSS 0.02
CVE-2023-46243
CRITICAL
XWiki 1.0-14.10.5 and 15.0-15.1 - Authenticated Remote Code Execution via Crafted Edit URL
Nov 07, 2023
CVSS 9.9
EPSS 0.07
CVE-2023-46244
CRITICAL
XWiki 3.3-14.10.6 - Incorrect Authorization via Velocity Script Execution
Nov 07, 2023
CVSS 9.1
EPSS 0.02
CVE-2023-46242
CRITICAL
XWiki < 14.10.7 - Authenticated Cross-Site Request Forgery via Crafted URL
Nov 07, 2023
CVSS 9.6
EPSS 0.03
CVE-2023-38509
MEDIUM
XWiki Platform <14.10.9, <15.3-rc-1 - Info Disclosure
Nov 07, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-46732
CRITICAL
NUCLEI
XWiki 9.7-14.10.13 - Reflected Cross-Site Scripting via Rev Parameter
Nov 06, 2023
CVSS 9.6
EPSS 0.48
CVE-2023-46731
CRITICAL
XWiki Platform < 14.10.14 - Unauthenticated Remote Code Execution via Section URL Parameter
Nov 06, 2023
CVSS 10.0
EPSS 0.57
CVE-2023-45137
CRITICAL
XWiki Platform < 14.10.12 - Stored XSS via Document Creation Error Message
Oct 25, 2023
CVSS 9.0
EPSS 0.02
CVE-2023-45136
CRITICAL
NUCLEI
XWiki 12.0-14.10.12 - Reflected Cross-Site Scripting in Page Creation Form
Oct 25, 2023
CVSS 9.6
EPSS 0.71
CVE-2023-45135
CRITICAL
XWiki Platform 7.2-milestone-2-14.10.12 - Remote Code Execution via Page Creation Title Parameter
Oct 25, 2023
CVSS 9.0
EPSS 0.05
CVE-2023-45134
CRITICAL
XWiki Platform 3.1.1-13.3 - Stored Cross-Site Scripting via Template Provider
Oct 25, 2023
CVSS 9.0
EPSS 0.05
CVE-2023-37913
CRITICAL
XWiki 3.5-14.10.8 - Path Traversal and Arbitrary File Write via Office Converter
Oct 25, 2023
CVSS 9.9
EPSS 0.04
CVE-2023-37912
CRITICAL
XWiki Rendering < 14.10.6 - Privilege Escalation via Footnote Macro Context Switching
Oct 25, 2023
CVSS 9.9
EPSS 0.10
CVE-2023-37911
MEDIUM
XWiki 9.4-14.10.7 - Unauthorized Deleted Document Content Exposure via Diff Feature
Oct 25, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-37910
HIGH
XWiki 14.0-14.4.7 - Missing Authorization for Attachment Move
Oct 25, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-37909
CRITICAL
XWiki 5.1-14.10.7 - Authenticated Remote Code Execution via User Profile Script Macro Injection
Oct 25, 2023
CVSS 9.9
EPSS 0.10
CVE-2023-41046
MEDIUM
XWiki 7.2-14.10.9 - Unauthenticated Velocity Code Execution via XClass TextArea Property
Sep 01, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-40573
CRITICAL
XWiki < 14.10.9 - Remote Code Execution via Scheduled Job Script Injection
Aug 24, 2023
CVSS 9.0
EPSS 0.04
CVE-2023-40572
CRITICAL
XWiki < 14.10.9 - Cross-Site Request Forgery via Create Action
Aug 24, 2023
CVSS 9.0
EPSS 0.03
CVE-2023-40177
CRITICAL
XWiki 4.3.1-14.10.4 - Authenticated Eval Injection via User Profile Content Field
Aug 23, 2023
CVSS 9.9
EPSS 0.02
CVE-2023-40176
CRITICAL
XWiki Platform 4.1.1-14.10.4 - Stored Cross-Site Scripting via User Profile Time Zone Preference
Aug 23, 2023
CVSS 9.0
EPSS 0.29
Products
xwiki-platform-oldcore 45
xwiki-platform-web-templates 23
xwiki-platform-web 15
xwiki-platform-administration-ui 11
xwiki-platform-rest-server 10
xwiki-platform-flamingo-skin-resources 6
xwiki-platform-appwithinminutes-ui 5
xwiki-platform-distribution-war 5
xwiki-platform-legacy-oldcore 5
xwiki-platform-attachment-ui 4
xwiki-platform-flamingo-theme-ui 4
xwiki-platform-livetable-ui 4
xwiki-platform-notifications-ui 4
xwiki-platform-scheduler-ui 4
xwiki-platform-search-ui 4
xwiki-platform-skin-skinx 4
xwiki-platform-wiki-ui-mainwiki 4
xwiki-platform-icon-ui 3
xwiki-platform-invitation-ui 3
xwiki-platform-panels-ui 3
xwiki-platform-search-solr-api 3
xwiki-platform-security-requiredrights-default 3
xwiki-platform 2
xwiki-platform-administration 2
xwiki-platform-filter-ui 2
xwiki-platform-help-ui 2
xwiki-platform-livedata-macro 2
xwiki-platform-localization-source-wiki 2
xwiki-platform-menu-ui 2
xwiki-platform-notifications-notifiers-default 2