Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / org.xwiki.platform

org.xwiki.platform

231 tracked vulnerabilities.

CVE-2023-32070 CRITICAL

XWiki Platform < 14.6-rc-1 - Cross-Site Scripting via HTML Attribute Injection

CVE-2023-32071 CRITICAL

XWiki Platform <2.2-14.4.8, <14.10.4, <15.0-rc-1 - XSS

CVE-2023-32069 CRITICAL

XWiki 3.3-milestone-2-14.10.3 - Incorrect Authorization

CVE-2023-29527 CRITICAL

XWiki 7.4.4-14.10.2 - Unauthenticated Remote Code Execution via Groovy Script Injection

CVE-2023-29526 CRITICAL

XWiki Platform 10.11.1-13.10.11 - Remote Code Execution via Async and Display Macros

CVE-2023-29525 CRITICAL

XWiki < 14.4.8, 12.6.1-13.10.11, 14.6-rc-1-14.10.3 - Code Injection via LegacyNotificationAdministration since Parameter

CVE-2023-29524 CRITICAL

XWiki < 14.10.3 - Authenticated Remote Code Execution via Scheduler Job Script Injection

CVE-2023-29523 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via Script Macro Injection

CVE-2023-29522 CRITICAL

XWiki < 14.4.8 - Remote Code Execution via Crafted Page Name

CVE-2023-29521 HIGH

XWiki < 13.10.11 - Authenticated Remote Code Execution via Macro.VFSTreeMacro

CVE-2023-29520 MEDIUM

XWiki < 13.10.11 - Denial of Service via Corrupted Translation Document

CVE-2023-29519 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via Attachment Selector Property Field

CVE-2023-29518 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via Invitation.InvitationCommon Page

CVE-2023-29517 HIGH

XWiki < 13.10.11 - Unauthenticated Exposure of Sensitive Information via Office Document Viewer Macro

CVE-2023-29516 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via AttachmentSelector Cancel Button

CVE-2023-29515 HIGH

XWiki < 13.10.11 - Authenticated JavaScript Injection via App Within Minutes Space Admin Right

CVE-2023-29514 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via Document Edit

CVE-2023-29513 MEDIUM

XWiki < 14.10.1 - Unauthenticated User Creation via Distribution First Admin User Endpoint

CVE-2023-29512 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via Improper Escaping in Attachment Handling

CVE-2023-29510 CRITICAL

XWiki < 14.10.2 - Authenticated Remote Code Execution via User Translation Override

CVE-2023-29213 CRITICAL

XWiki Platform < 13.10.11 - Authenticated Remote Code Execution via URL Expression Injection

CVE-2023-30537 CRITICAL

XWiki 12.6.6-13.10.10 - Authenticated Remote Code Execution via FlamingoThemesCode.WebHome Style Property

CVE-2023-29511 CRITICAL

XWiki 1.7-13.10.10 - Authenticated Remote Code Execution via Section ID Injection in AdminFieldsDisplaySheet

CVE-2023-29509 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via DocumentTree Macro Parameter Injection

CVE-2023-29508 HIGH

XWiki < 13.10.11 - Stored Cross-Site Scripting via Live Data Macro

Previous Page 6 of 10 Next

Products

xwiki-platform-oldcore 45 xwiki-platform-web-templates 23 xwiki-platform-web 15 xwiki-platform-administration-ui 11 xwiki-platform-rest-server 10 xwiki-platform-flamingo-skin-resources 6 xwiki-platform-appwithinminutes-ui 5 xwiki-platform-distribution-war 5 xwiki-platform-legacy-oldcore 5 xwiki-platform-attachment-ui 4 xwiki-platform-flamingo-theme-ui 4 xwiki-platform-livetable-ui 4 xwiki-platform-notifications-ui 4 xwiki-platform-scheduler-ui 4 xwiki-platform-search-ui 4 xwiki-platform-skin-skinx 4 xwiki-platform-wiki-ui-mainwiki 4 xwiki-platform-icon-ui 3 xwiki-platform-invitation-ui 3 xwiki-platform-panels-ui 3 xwiki-platform-search-solr-api 3 xwiki-platform-security-requiredrights-default 3 xwiki-platform 2 xwiki-platform-administration 2 xwiki-platform-filter-ui 2 xwiki-platform-help-ui 2 xwiki-platform-livedata-macro 2 xwiki-platform-localization-source-wiki 2 xwiki-platform-menu-ui 2 xwiki-platform-notifications-notifiers-default 2

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy