Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / org.xwiki.platform

org.xwiki.platform

231 tracked vulnerabilities.

CVE-2022-31167 HIGH

XWiki Platform <12.10.11, 13.4.6 - Info Disclosure

CVE-2022-31166 HIGH

XWiki Platform Old Core <12.0RC1 - Privilege Escalation

CVE-2022-29258 HIGH

XWiki Platform <12.10.11-14.0-rc-1-13.4.7-13.10.3 - XSS

CVE-2022-29253 LOW

XWiki Platform <12.10.3,14.0 - Path Traversal

CVE-2022-29252 HIGH

XWiki Platform Wiki UI Main Wiki <5.3-milestone-2 - XSS

CVE-2022-29251 HIGH

XWiki Platform Flamingo Theme UI <12.10.11,14.0-rc-1,13.4.7,13.10.3...

CVE-2022-29161 MEDIUM

XWiki < 13.10.6 - Use of Broken Cryptographic Algorithm in X509 Certificate Generation

CVE-2022-24820 MEDIUM

XWiki Platform < 12.10.11 - Unauthenticated Exposure of Private Personal Information via Velocity Document Rendering

CVE-2022-24819 MEDIUM NUCLEI

XWiki < 12.10.11 - Unauthenticated Exposure of Private User Documents

CVE-2022-24821 MEDIUM

XWiki 12.0.0-12.10.10 and 13.5.0-13.9.0 - Unauthorized Global SSX/JSX Creation

CVE-2022-23622 HIGH

XWiki Platform < 12.10.10, 12.10.11, 13.4.7, 13.10.3 - Cross-Site Scripting via xredirect Hidden Field

CVE-2022-23621 MEDIUM

XWiki < 12.10.9, 13.4.3, >=13.6-rc-1 <13.7-rc-1 - Arbitrary File Read via XWiki#invokeServletAndReturnAsString

CVE-2022-23620 MEDIUM

XWiki < 13.6 - Path Traversal via SSX Document Reference Export

CVE-2022-23619 MEDIUM

XWiki < 12.10.9, 13.5RC1-13.6RC1 - Unauthenticated User Enumeration via Password Reset Form

CVE-2022-23618 MEDIUM

XWiki < 12.10.6 and 12.10.7 - URL Redirection to Untrusted Site via xredirect Parameter

CVE-2022-23617 MEDIUM

XWiki Platform < 12.10.6 - Missing Authorization via Page Template Copy

CVE-2022-23616 HIGH

XWiki Platform 3.1.1-13.1 - Unauthenticated Remote Code Execution via Reset Password Feature

CVE-2022-23615 MEDIUM

XWiki Platform < 13.0 - Incorrect Authorization via Document Save with Elevated Rights

CVE-2021-43841 MEDIUM

XWiki < 12.10.6 and 13.0-13.3RC1 - Stored Cross-Site Scripting via SVG File Upload

CVE-2021-32732 HIGH

XWiki <12.10.4,13.2RC0 - Info Disclosure

CVE-2021-32731 MEDIUM

XWiki Platform <13.1-13.1 - Info Disclosure

CVE-2021-32730 MEDIUM

XWiki Platform <12.10.5, 13.0-13.1 - CSRF

CVE-2021-32729 LOW

XWiki Platform <12.6.88-13.0 - Auth Bypass

CVE-2021-29459 CRITICAL

XWiki < 12.6.3 - Stored Cross-Site Scripting via User Profile and Static List Fields

CVE-2021-21380 HIGH

XWiki Platform 6.4.1-12.8 - Authenticated SQL Injection via Rating Script Service

Previous Page 9 of 10 Next

Products

xwiki-platform-oldcore 45 xwiki-platform-web-templates 23 xwiki-platform-web 15 xwiki-platform-administration-ui 11 xwiki-platform-rest-server 10 xwiki-platform-flamingo-skin-resources 6 xwiki-platform-appwithinminutes-ui 5 xwiki-platform-distribution-war 5 xwiki-platform-legacy-oldcore 5 xwiki-platform-attachment-ui 4 xwiki-platform-flamingo-theme-ui 4 xwiki-platform-livetable-ui 4 xwiki-platform-notifications-ui 4 xwiki-platform-scheduler-ui 4 xwiki-platform-search-ui 4 xwiki-platform-skin-skinx 4 xwiki-platform-wiki-ui-mainwiki 4 xwiki-platform-icon-ui 3 xwiki-platform-invitation-ui 3 xwiki-platform-panels-ui 3 xwiki-platform-search-solr-api 3 xwiki-platform-security-requiredrights-default 3 xwiki-platform 2 xwiki-platform-administration 2 xwiki-platform-filter-ui 2 xwiki-platform-help-ui 2 xwiki-platform-livedata-macro 2 xwiki-platform-localization-source-wiki 2 xwiki-platform-menu-ui 2 xwiki-platform-notifications-notifiers-default 2

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy