xwiki
285 tracked vulnerabilities.
CVE-2022-41937
CRITICAL
XWiki < 13.10.8 - Unauthenticated Arbitrary Page Modification via XAR Package Import
Nov 22, 2022
CVSS 9.6
EPSS 0.10
CVE-2022-41936
MEDIUM
XWiki 8.1-13.10.7 - Unauthorized Exposure of Private Information via Modifications REST Endpoint
Nov 22, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-39387
CRITICAL
XWiki OIDC < 1.29.1 - Authentication Bypass via OpenID Provider Parameter Injection
Nov 04, 2022
CVSS 9.1
EPSS 0.00
CVE-2022-36100
CRITICAL
XWiki Platform <14.4 - Code Injection
Sep 08, 2022
CVSS 9.9
EPSS 0.08
CVE-2022-36099
CRITICAL
XWiki Platform Wiki UI Main Wiki <13.10.6-14.4 - Code Injection
Sep 08, 2022
CVSS 9.9
EPSS 0.22
CVE-2022-36098
HIGH
XWiki Platform <13.10.6, <14.4 - RCE
Sep 08, 2022
CVSS 8.9
EPSS 0.44
CVE-2022-36097
HIGH
XWiki Platform Attachment UI 14.0-rc-1-14.3 - Stored Cross-Site Scripting via Attachment Name
Sep 08, 2022
CVSS 8.9
EPSS 0.22
CVE-2022-36096
HIGH
XWiki Platform Index UI < 13.10.6 - Stored Cross-Site Scripting via Deleted Attachments Index
Sep 08, 2022
CVSS 8.9
EPSS 0.44
CVE-2022-36095
MEDIUM
XWiki Platform <13.10.5-14.3 - CSRF
Sep 08, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-36094
HIGH
XWiki Platform <13.10.6 & <14.30-rc-1 - XSS
Sep 08, 2022
CVSS 8.9
EPSS 0.39
CVE-2022-36093
HIGH
XWiki Platform Web Templates <14.2 & <13.10.4 - Auth Bypass
Sep 08, 2022
CVSS 8.5
EPSS 0.04
CVE-2022-36092
HIGH
XWiki Platform Old Core <14.2-13.10.4 - Auth Bypass
Sep 08, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-36091
HIGH
XWiki Platform <14.2 - Info Disclosure
Sep 08, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-36090
HIGH
XWiki Platform Old Core <14.3-rc-1 - Privilege Escalation
Sep 08, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-31167
HIGH
XWiki Platform <12.10.11, 13.4.6 - Info Disclosure
Sep 07, 2022
CVSS 7.1
EPSS 0.00
CVE-2022-31166
HIGH
XWiki Platform Old Core <12.0RC1 - Privilege Escalation
Sep 07, 2022
CVSS 8.1
EPSS 0.02
CVE-2022-29258
HIGH
XWiki Platform <12.10.11-14.0-rc-1-13.4.7-13.10.3 - XSS
May 31, 2022
CVSS 7.4
EPSS 0.01
CVE-2022-29253
LOW
XWiki Platform <12.10.3,14.0 - Path Traversal
May 25, 2022
CVSS 2.7
EPSS 0.00
CVE-2022-29252
HIGH
XWiki Platform Wiki UI Main Wiki <5.3-milestone-2 - XSS
May 25, 2022
CVSS 7.4
EPSS 0.01
CVE-2022-29251
HIGH
XWiki Platform Flamingo Theme UI <12.10.11,14.0-rc-1,13.4.7,13.10.3...
May 25, 2022
CVSS 7.4
EPSS 0.04
CVE-2022-29161
MEDIUM
XWiki < 13.10.6 - Use of Broken Cryptographic Algorithm in X509 Certificate Generation
May 06, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-24897
HIGH
XWiki 2.3-12.6.6 - Authenticated Path Traversal via Velocity Script File API
May 02, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-24898
MEDIUM
XWiki Commons 2.7-12.10.9, 13.0-13.4.3, 13.5-13.7.9 - XML External Entity Injection via XML Script Service
Apr 28, 2022
CVSS 4.9
EPSS 0.00
CVE-2022-24820
MEDIUM
XWiki Platform < 12.10.11 - Unauthenticated Exposure of Private Personal Information via Velocity Document Rendering
Apr 08, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-24819
MEDIUM
NUCLEI
XWiki < 12.10.11 - Unauthenticated Exposure of Private User Documents
Apr 08, 2022
CVSS 5.3
EPSS 0.04
Products
xwiki 248
cryptpad 5
pro_macros 5
commons 4
xwiki-platform 4
xwiki-rendering 4
pdf_viewer_macro 3
change_request 2
ckeditor_integration 2
full_calendar_macro 2
admin_tools 1
application-collabora 1
application_licensing 1
blog_application 1
confluence_migrator 1
oauth_identity 1
openid_connect 1
org.xwiki.platform:xwiki-platform-legacy-oldcore 1
org.xwiki.platform:xwiki-platform-oldcore 1
rendering 1
wiki-platform 1
xwiki-commons 1
xwiki_enterprise 1
xwiki_watch 1