Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / org.xwiki.platform

org.xwiki.platform

231 tracked vulnerabilities.

CVE-2023-29507 CRITICAL

XWiki 14.4.1-14.4.6 and 14.5-14.9 - Privilege Escalation via Document Script API

CVE-2023-29506 MEDIUM NUCLEI

XWiki 13.10.8-13.10.10 - Authenticated Cross-Site Scripting via Endpoint URL Injection

CVE-2023-29214 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via IncludedDocuments Panel

CVE-2023-29212 CRITICAL

XWiki 14.0-14.4.7 - Authenticated Remote Code Execution via Insufficient Escaping in Included Documents Edit Panel

CVE-2023-29211 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via Improper WikiId Parameter Escaping

CVE-2023-29210 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via Notification Preferences Macro

CVE-2023-29209 CRITICAL

XWiki <13.10.11 - Code Execution via Legacy Notification Activity Macro

CVE-2023-29208 HIGH

XWiki < 13.10.11 - Unauthorized Deleted Document Access

CVE-2023-29207 HIGH

XWiki 1.9-13.10.9 - Stored Cross-Site Scripting via Livetable Macro Column Names

CVE-2023-29206 CRITICAL

XWiki 3.0-14.8 - Authenticated Stored Cross-Site Scripting via JavaScript or StyleSheet XObject

CVE-2023-29205 CRITICAL

XWiki < 14.7 and xwiki-platform-rendering-xwiki < 14.8-rc-1 - Stored Cross-Site Scripting via HTML Macro

CVE-2023-29204 MEDIUM NUCLEI

XWiki 6.0-13.10.9 - Open Redirect via URL Scheme Omission

CVE-2023-29203 LOW

XWiki 13.9-13.10.8 - Unauthorized Exposure of Private User Information via uorgsuggest.vm

CVE-2023-29202 CRITICAL

XWiki 1.8-14.5 - Stored Cross-Site Scripting via RSS Macro Content Parameter

CVE-2023-27480 HIGH

XWiki Platform < 13.10.11 - XML External Entity Injection via XAR Import

CVE-2023-27479 CRITICAL

XWiki 6.3-13.10.10 - Authenticated Remote Code Execution via UIX Parameter Injection

CVE-2023-26476 HIGH

XWiki Platform <14.7-rc-1, <13.4.4, <13.10.9 - Info Disclosure

CVE-2023-26475 CRITICAL

XWiki Platform <2.3-milestone-1 - RCE

CVE-2023-26474 CRITICAL

XWiki 13.10-13.10.10 - Improper Access Control via Text Area Property Execution

CVE-2023-26473 MEDIUM

XWiki Platform <1.3-rc-1 - Info Disclosure

CVE-2023-26472 CRITICAL

XWiki 6.2.1-13.10.9 - Unauthenticated Remote Code Execution via Icon Theme Sheet Injection

CVE-2023-26471 CRITICAL

XWiki 11.6-13.10.9 - Authenticated Privilege Escalation via Async Macro

CVE-2023-26470 MEDIUM

XWiki < 14.0 - Uncontrolled Resource Consumption via Large Object Addition

CVE-2023-26056 MEDIUM

XWiki Platform <3.0-milestone-1 - Privilege Escalation

CVE-2023-26480 HIGH

XWiki 12.10-13.10.9 - Stored Cross-Site Scripting via Live Data Macro

Previous Page 7 of 10 Next

Products

xwiki-platform-oldcore 45 xwiki-platform-web-templates 23 xwiki-platform-web 15 xwiki-platform-administration-ui 11 xwiki-platform-rest-server 10 xwiki-platform-flamingo-skin-resources 6 xwiki-platform-appwithinminutes-ui 5 xwiki-platform-distribution-war 5 xwiki-platform-legacy-oldcore 5 xwiki-platform-attachment-ui 4 xwiki-platform-flamingo-theme-ui 4 xwiki-platform-livetable-ui 4 xwiki-platform-notifications-ui 4 xwiki-platform-scheduler-ui 4 xwiki-platform-search-ui 4 xwiki-platform-skin-skinx 4 xwiki-platform-wiki-ui-mainwiki 4 xwiki-platform-icon-ui 3 xwiki-platform-invitation-ui 3 xwiki-platform-panels-ui 3 xwiki-platform-search-solr-api 3 xwiki-platform-security-requiredrights-default 3 xwiki-platform 2 xwiki-platform-administration 2 xwiki-platform-filter-ui 2 xwiki-platform-help-ui 2 xwiki-platform-livedata-macro 2 xwiki-platform-localization-source-wiki 2 xwiki-platform-menu-ui 2 xwiki-platform-notifications-notifiers-default 2

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy