org.xwiki.platform
231 tracked vulnerabilities.
CVE-2023-26479
MEDIUM
XWiki Platform <6.0 - Info Disclosure
Mar 02, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-26478
MEDIUM
XWiki Platform <14.3-rc-1 - Info Disclosure
Mar 02, 2023
CVSS 6.6
EPSS 0.05
CVE-2023-26477
CRITICAL
XWiki Platform <13.10.10, <14.9-rc-1, <14.4.6 - Code Injection
Mar 02, 2023
CVSS 10.0
EPSS 0.40
CVE-2022-41933
MEDIUM
XWiki 13.1-13.10.8 - Plaintext Password Storage in Forgot Password Feature
Nov 23, 2022
CVSS 6.2
EPSS 0.00
CVE-2022-41932
HIGH
XWiki < 13.10.8 - Denial of Service via Crafted User Identifier in Login Form
Nov 23, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-41935
MEDIUM
XWiki 12.10.11-13.10.8 - Unauthenticated Exposure of Sensitive Information via Livetable Queries
Nov 23, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-41934
CRITICAL
XWiki Platform < 13.10.8 - Authenticated Remote Code Execution via Menu Macro Injection
Nov 23, 2022
CVSS 9.9
EPSS 0.24
CVE-2022-41931
CRITICAL
xwiki-platform-icon-ui - Eval Injection
Nov 23, 2022
CVSS 9.9
EPSS 0.19
CVE-2022-41930
HIGH
XWiki 12.4-13.10.6 - Unauthenticated Missing Authorization in User Profile UI
Nov 23, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-41929
MEDIUM
XWiki 11.7-13.10.6, 14.0.0-14.4.1 - Missing Authorization in User#setDisabledStatus
Nov 23, 2022
CVSS 4.9
EPSS 0.00
CVE-2022-41928
CRITICAL
XWiki 5.0-13.10.6 - Eval Injection in AttachmentSelector.xml
Nov 23, 2022
CVSS 9.9
EPSS 0.06
CVE-2022-41927
HIGH
XWiki Platform 3.2-13.10.6 - Cross-Site Request Forgery in Tag Management
Nov 23, 2022
CVSS 7.4
EPSS 0.01
CVE-2022-41937
CRITICAL
XWiki < 13.10.8 - Unauthenticated Arbitrary Page Modification via XAR Package Import
Nov 22, 2022
CVSS 9.6
EPSS 0.10
CVE-2022-41936
MEDIUM
XWiki 8.1-13.10.7 - Unauthorized Exposure of Private Information via Modifications REST Endpoint
Nov 22, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-36100
CRITICAL
XWiki Platform <14.4 - Code Injection
Sep 08, 2022
CVSS 9.9
EPSS 0.08
CVE-2022-36099
CRITICAL
XWiki Platform Wiki UI Main Wiki <13.10.6-14.4 - Code Injection
Sep 08, 2022
CVSS 9.9
EPSS 0.22
CVE-2022-36098
HIGH
XWiki Platform <13.10.6, <14.4 - RCE
Sep 08, 2022
CVSS 8.9
EPSS 0.44
CVE-2022-36097
HIGH
XWiki Platform Attachment UI 14.0-rc-1-14.3 - Stored Cross-Site Scripting via Attachment Name
Sep 08, 2022
CVSS 8.9
EPSS 0.22
CVE-2022-36096
HIGH
XWiki Platform Index UI < 13.10.6 - Stored Cross-Site Scripting via Deleted Attachments Index
Sep 08, 2022
CVSS 8.9
EPSS 0.44
CVE-2022-36095
MEDIUM
XWiki Platform <13.10.5-14.3 - CSRF
Sep 08, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-36094
HIGH
XWiki Platform <13.10.6 & <14.30-rc-1 - XSS
Sep 08, 2022
CVSS 8.9
EPSS 0.39
CVE-2022-36093
HIGH
XWiki Platform Web Templates <14.2 & <13.10.4 - Auth Bypass
Sep 08, 2022
CVSS 8.5
EPSS 0.04
CVE-2022-36092
HIGH
XWiki Platform Old Core <14.2-13.10.4 - Auth Bypass
Sep 08, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-36091
HIGH
XWiki Platform <14.2 - Info Disclosure
Sep 08, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-36090
HIGH
XWiki Platform Old Core <14.3-rc-1 - Privilege Escalation
Sep 08, 2022
CVSS 8.1
EPSS 0.01
Products
xwiki-platform-oldcore 45
xwiki-platform-web-templates 23
xwiki-platform-web 15
xwiki-platform-administration-ui 11
xwiki-platform-rest-server 10
xwiki-platform-flamingo-skin-resources 6
xwiki-platform-appwithinminutes-ui 5
xwiki-platform-distribution-war 5
xwiki-platform-legacy-oldcore 5
xwiki-platform-attachment-ui 4
xwiki-platform-flamingo-theme-ui 4
xwiki-platform-livetable-ui 4
xwiki-platform-notifications-ui 4
xwiki-platform-scheduler-ui 4
xwiki-platform-search-ui 4
xwiki-platform-skin-skinx 4
xwiki-platform-wiki-ui-mainwiki 4
xwiki-platform-icon-ui 3
xwiki-platform-invitation-ui 3
xwiki-platform-panels-ui 3
xwiki-platform-search-solr-api 3
xwiki-platform-security-requiredrights-default 3
xwiki-platform 2
xwiki-platform-administration 2
xwiki-platform-filter-ui 2
xwiki-platform-help-ui 2
xwiki-platform-livedata-macro 2
xwiki-platform-localization-source-wiki 2
xwiki-platform-menu-ui 2
xwiki-platform-notifications-notifiers-default 2