Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / xwiki

xwiki

285 tracked vulnerabilities.

CVE-2023-50721 CRITICAL

XWiki Platform 4.5-14.10.5 - Remote Code Execution via Search UI Extension Injection

CVE-2023-50720 MEDIUM NUCLEI

XWiki Platform < 14.10.15 - Unauthenticated Exposure of Sensitive Information via Solr Search

CVE-2023-50719 HIGH NUCLEI

XWiki Platform 7.2-milestone-2-14.10.14 - Unauthenticated Exposure of Sensitive Information via Solr Search

CVE-2023-49280 HIGH

XWiki Change Request < 1.10 - Authenticated Password Hash Exposure via Change Request Export

CVE-2023-48293 HIGH

XWiki Admin Tools Application < 4.5.1 - Cross-Site Request Forgery via Query on XWiki Tool

CVE-2023-48292 CRITICAL

XWiki Admin Tools 4.4-4.5.1 - Cross-Site Request Forgery via Shell Command Execution

CVE-2023-48241 HIGH NUCLEI

XWiki Platform 6.3-milestone-2-14.10.15 - Unauthenticated Information Disclosure via Solr Search Suggestion Provider

CVE-2023-48240 CRITICAL

XWiki 11.10.1-14.10.14 - Cookie Theft and Server-Side Request Forgery via Diff Image Embedding

CVE-2023-46743 HIGH

application-collabora - Info Disclosure

CVE-2023-46243 CRITICAL

XWiki 1.0-14.10.5 and 15.0-15.1 - Authenticated Remote Code Execution via Crafted Edit URL

CVE-2023-46244 CRITICAL

XWiki 3.3-14.10.6 - Incorrect Authorization via Velocity Script Execution

CVE-2023-46242 CRITICAL

XWiki < 14.10.7 - Authenticated Cross-Site Request Forgery via Crafted URL

CVE-2023-38509 MEDIUM

XWiki Platform <14.10.9, <15.3-rc-1 - Info Disclosure

CVE-2023-46732 CRITICAL NUCLEI

XWiki 9.7-14.10.13 - Reflected Cross-Site Scripting via Rev Parameter

CVE-2023-46731 CRITICAL

XWiki Platform < 14.10.14 - Unauthenticated Remote Code Execution via Section URL Parameter

CVE-2023-45137 CRITICAL

XWiki Platform < 14.10.12 - Stored XSS via Document Creation Error Message

CVE-2023-45136 CRITICAL NUCLEI

XWiki 12.0-14.10.12 - Reflected Cross-Site Scripting in Page Creation Form

CVE-2023-45135 CRITICAL

XWiki Platform 7.2-milestone-2-14.10.12 - Remote Code Execution via Page Creation Title Parameter

CVE-2023-45134 CRITICAL

XWiki Platform 3.1.1-13.3 - Stored Cross-Site Scripting via Template Provider

CVE-2023-37913 CRITICAL

XWiki 3.5-14.10.8 - Path Traversal and Arbitrary File Write via Office Converter

CVE-2023-37912 CRITICAL

XWiki Rendering < 14.10.6 - Privilege Escalation via Footnote Macro Context Switching

CVE-2023-37911 MEDIUM

XWiki 9.4-14.10.7 - Unauthorized Deleted Document Content Exposure via Diff Feature

CVE-2023-37910 HIGH

XWiki 14.0-14.4.7 - Missing Authorization for Attachment Move

CVE-2023-37909 CRITICAL

XWiki 5.1-14.10.7 - Authenticated Remote Code Execution via User Profile Script Macro Injection

CVE-2023-37908 CRITICAL

XWiki Rendering 14.6-14.10.3 - Cross-Site Scripting via Invalid Attribute Names

Previous Page 5 of 12 Next

Products

xwiki 248 cryptpad 5 pro_macros 5 commons 4 xwiki-platform 4 xwiki-rendering 4 pdf_viewer_macro 3 change_request 2 ckeditor_integration 2 full_calendar_macro 2 admin_tools 1 application-collabora 1 application_licensing 1 blog_application 1 confluence_migrator 1 oauth_identity 1 openid_connect 1 org.xwiki.platform:xwiki-platform-legacy-oldcore 1 org.xwiki.platform:xwiki-platform-oldcore 1 rendering 1 wiki-platform 1 xwiki-commons 1 xwiki_enterprise 1 xwiki_watch 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy