Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / org.xwiki.platform

org.xwiki.platform

231 tracked vulnerabilities.

CVE-2023-37914 CRITICAL

XWiki 2.5-14.4.8 - Authenticated Remote Code Execution via Script Macro Injection in Invitation.WebHome

CVE-2023-37462 CRITICAL NUCLEI

XWiki 7.0-14.4.8 - Remote Code Execution via SkinsCode.XWikiSkinsSheet Injection

CVE-2023-37277 CRITICAL

XWiki 1.8-14.10.8 - Cross-Site Request Forgery via REST API

CVE-2023-36477 CRITICAL

XWiki Platform 14.6-14.10.5 & CKEditor 1.9-1.64.8 - Authenticated XSS via CKEditor Config

CVE-2023-36470 CRITICAL

XWiki 6.2-14.10.5 - Remote Code Execution via Icon Set Injection

CVE-2023-36469 CRITICAL

XWiki 9.6-14.10.5 - Authenticated Remote Code Execution via User Profile Script Macros

CVE-2023-36468 CRITICAL

XWiki 2.0-14.10.7 - Incomplete Cleanup of Vulnerable Document Revisions

CVE-2023-35162 CRITICAL NUCLEI

XWiki 6.2-14.10.4 - Stored Cross-Site Scripting via Preview Actions Template

CVE-2023-35161 CRITICAL NUCLEI

XWiki 6.2.1-14.10.4 - Stored Cross-Site Scripting via DeleteApplication Page

CVE-2023-35160 CRITICAL NUCLEI

XWiki 3.0-14.10.4 - Cross-Site Scripting via Resubmit Template URL Parameter

CVE-2023-35159 CRITICAL NUCLEI

XWiki 3.5-14.10.4 - Stored Cross-Site Scripting via Deletespace Template

CVE-2023-35158 CRITICAL NUCLEI

XWiki 9.4-14.10.4 - Stored Cross-Site Scripting via Restore Template URL Parameter

CVE-2023-35157 HIGH

XWiki Platform < 14.10.6 - Cross-Site Scripting via Delete Attachment Action

CVE-2023-35156 CRITICAL NUCLEI

XWiki 6.0.1-14.10.5 - Stored Cross-Site Scripting via Delete Template URL Parameter

CVE-2023-35155 HIGH NUCLEI

XWiki < 14.4.8 - Stored Cross-Site Scripting via Share Page URL Parameter

CVE-2023-35153 CRITICAL

XWiki 5.4.4-14.4.7 - Stored Cross-Site Scripting via AppWithinMinutes.FormFieldCategoryClass Page Title

CVE-2023-35152 CRITICAL

XWiki Platform 12.9-14.4.8 - Authenticated Eval Injection via First Name Field

CVE-2023-35151 HIGH

XWiki 7.3-milestone-1-14.4.8 - Unauthenticated Exposure of Obfuscated Passwords via REST Endpoint

CVE-2023-35150 CRITICAL

XWiki Platform 2.40m-2-14.4.8, 14.10.4, 15.0 - Remote Code Execution via Crafted URL Payload

CVE-2023-34467 HIGH

XWiki Platform <14.4.8-15.0-rc-1 - Info Disclosure

CVE-2023-34466 MEDIUM

XWiki 5.0.1-14.4.7 - Unauthorized Information Disclosure via Tags API

CVE-2023-34465 CRITICAL

XWiki 11.8-rc-1-14.4.7 - Authenticated Privilege Escalation via Mail.MailConfig Page

CVE-2023-34464 CRITICAL

XWiki Platform 2.2.1-14.4.7 - Stored Cross-Site Scripting via DisplayContent or RenderContent Template

CVE-2023-35166 CRITICAL

XWiki 8.1-14.10.5 - Incorrect Authorization via Tip UI Extension

CVE-2023-32068 MEDIUM NUCLEI

XWiki Platform < 14.10.4 - Open Redirect via URL Parameter Manipulation

Previous Page 5 of 10 Next

Products

xwiki-platform-oldcore 45 xwiki-platform-web-templates 23 xwiki-platform-web 15 xwiki-platform-administration-ui 11 xwiki-platform-rest-server 10 xwiki-platform-flamingo-skin-resources 6 xwiki-platform-appwithinminutes-ui 5 xwiki-platform-distribution-war 5 xwiki-platform-legacy-oldcore 5 xwiki-platform-attachment-ui 4 xwiki-platform-flamingo-theme-ui 4 xwiki-platform-livetable-ui 4 xwiki-platform-notifications-ui 4 xwiki-platform-scheduler-ui 4 xwiki-platform-search-ui 4 xwiki-platform-skin-skinx 4 xwiki-platform-wiki-ui-mainwiki 4 xwiki-platform-icon-ui 3 xwiki-platform-invitation-ui 3 xwiki-platform-panels-ui 3 xwiki-platform-search-solr-api 3 xwiki-platform-security-requiredrights-default 3 xwiki-platform 2 xwiki-platform-administration 2 xwiki-platform-filter-ui 2 xwiki-platform-help-ui 2 xwiki-platform-livedata-macro 2 xwiki-platform-localization-source-wiki 2 xwiki-platform-menu-ui 2 xwiki-platform-notifications-notifiers-default 2

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy