xwiki

285 tracked vulnerabilities.

CVE-2022-24821 MEDIUM
XWiki 12.0.0-12.10.10 and 13.5.0-13.9.0 - Unauthorized Global SSX/JSX Creation
Apr 08, 2022
CVSS 6.8
EPSS 0.01
CVE-2022-23622 HIGH
XWiki Platform < 12.10.10, 12.10.11, 13.4.7, 13.10.3 - Cross-Site Scripting via xredirect Hidden Field
Feb 09, 2022
CVSS 7.4
EPSS 0.00
CVE-2022-23621 MEDIUM
XWiki < 12.10.9, 13.4.3, >=13.6-rc-1 <13.7-rc-1 - Arbitrary File Read via XWiki#invokeServletAndReturnAsString
Feb 09, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-23620 MEDIUM
XWiki < 13.6 - Path Traversal via SSX Document Reference Export
Feb 09, 2022
CVSS 6.8
EPSS 0.00
CVE-2022-23619 MEDIUM
XWiki < 12.10.9, 13.5RC1-13.6RC1 - Unauthenticated User Enumeration via Password Reset Form
Feb 09, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-23618 MEDIUM
XWiki < 12.10.6 and 12.10.7 - URL Redirection to Untrusted Site via xredirect Parameter
Feb 09, 2022
CVSS 4.7
EPSS 0.00
CVE-2022-23617 MEDIUM
XWiki Platform < 12.10.6 - Missing Authorization via Page Template Copy
Feb 09, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-23616 HIGH
XWiki Platform 3.1.1-13.1 - Unauthenticated Remote Code Execution via Reset Password Feature
Feb 09, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-23615 MEDIUM
XWiki Platform < 13.0 - Incorrect Authorization via Document Save with Elevated Rights
Feb 09, 2022
CVSS 5.4
EPSS 0.00
CVE-2021-43841 MEDIUM
XWiki < 12.10.6 and 13.0-13.3RC1 - Stored Cross-Site Scripting via SVG File Upload
Feb 04, 2022
CVSS 5.4
EPSS 0.00
CVE-2021-32732 HIGH
XWiki < 12.10.4, 13.2RC0 - Info Disclosure
Feb 04, 2022
CVSS 7.5
EPSS 0.00
CVE-2021-32731 MEDIUM
XWiki Platform < 13.1-13.1 - Info Disclosure
Jul 01, 2021
CVSS 5.3
EPSS 0.00
CVE-2021-32730 MEDIUM
XWiki Platform < 12.10.5, 13.0-13.1 - CSRF
Jul 01, 2021
CVSS 5.7
EPSS 0.00
CVE-2021-32729 LOW
XWiki Platform < 12.6.88-13.0 - Auth Bypass
Jul 01, 2021
CVSS 2.0
EPSS 0.00
CVE-2021-32621 HIGH
XWiki 3.0.1-12.6.6 - Unauthenticated Remote Code Execution via Dashboard Gadget Title
May 28, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-32620 HIGH
XWiki 11.6-11.10.12 - Improper Authorization via Email Verification Activation Link
May 28, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-29459 CRITICAL
XWiki < 12.6.3 - Stored Cross-Site Scripting via User Profile and Static List Fields
Apr 20, 2021
CVSS 9.6
EPSS 0.00
CVE-2021-21380 HIGH
XWiki Platform 6.4.1-12.8 - Authenticated SQL Injection via Rating Script Service
Mar 23, 2021
CVSS 7.7
EPSS 0.03
CVE-2021-21379 HIGH
XWiki Platform 11.4-11.10.10 - Improper Preservation of Permissions in wikimacrocontent
Mar 12, 2021
CVSS 7.7
EPSS 0.00
CVE-2021-3137 MEDIUM
XWiki < 12.10.3 - Stored Cross-Site Scripting via SVG Upload in Comment Section
Jan 20, 2021
CVSS 5.4
EPSS 0.00
CVE-2020-13654 HIGH
XWiki Platform < 12.8 - Info Disclosure
Dec 31, 2020
CVSS 7.5
EPSS 0.00
CVE-2020-15252 HIGH
XWiki < 11.10.6 - Authenticated Remote Code Execution via Servlet Context Access
Oct 16, 2020
CVSS 8.5
EPSS 0.03
CVE-2020-15171 MEDIUM
XWiki < 11.10.5 - Authenticated Remote Code Execution via Servlet Context Access
Sep 10, 2020
CVSS 6.6
EPSS 0.01
CVE-2020-11057 CRITICAL
XWiki 7.2-11.10.2 - Authenticated Remote Code Execution via Personal Dashboard Script Injection
May 12, 2020
CVSS 9.9
EPSS 0.02
CVE-2019-15302 MEDIUM
XWiki CryptPad < 3.0.0 - Data Loss via Rich Text Pad URL Modification
Sep 11, 2019
CVSS 6.5
EPSS 0.00