xwiki
285 tracked vulnerabilities.
CVE-2023-45144
CRITICAL
XWiki OAuth Identity < 1.6 - Remote Code Execution via OAuth Login Parameter Injection
Oct 16, 2023
CVSS 10.0
EPSS 0.04
CVE-2023-45138
CRITICAL
Change Request 0.11-1.9.1 - Unauthenticated Remote Code Execution via Change Request Title
Oct 12, 2023
CVSS 10.0
EPSS 0.78
CVE-2023-41046
MEDIUM
XWiki 7.2-14.10.9 - Unauthenticated Velocity Code Execution via XClass TextArea Property
Sep 01, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-40573
CRITICAL
XWiki < 14.10.9 - Remote Code Execution via Scheduled Job Script Injection
Aug 24, 2023
CVSS 9.0
EPSS 0.04
CVE-2023-40572
CRITICAL
XWiki < 14.10.9 - Cross-Site Request Forgery via Create Action
Aug 24, 2023
CVSS 9.0
EPSS 0.03
CVE-2023-40177
CRITICAL
XWiki 4.3.1-14.10.4 - Authenticated Eval Injection via User Profile Content Field
Aug 23, 2023
CVSS 9.9
EPSS 0.02
CVE-2023-40176
CRITICAL
XWiki Platform 4.1.1-14.10.4 - Stored Cross-Site Scripting via User Profile Time Zone Preference
Aug 23, 2023
CVSS 9.0
EPSS 0.29
CVE-2023-37914
CRITICAL
XWiki 2.5-14.4.8 - Authenticated Remote Code Execution via Script Macro Injection in Invitation.WebHome
Aug 17, 2023
CVSS 9.9
EPSS 0.04
CVE-2023-37462
CRITICAL
NUCLEI
XWiki 7.0-14.4.8 - Remote Code Execution via SkinsCode.XWikiSkinsSheet Injection
Jul 14, 2023
CVSS 9.9
EPSS 0.90
CVE-2023-37277
CRITICAL
XWiki 1.8-14.10.8 - Cross-Site Request Forgery via REST API
Jul 10, 2023
CVSS 9.6
EPSS 0.03
CVE-2023-36477
CRITICAL
XWiki Platform 14.6-14.10.5 & CKEditor 1.9-1.64.8 - Authenticated XSS via CKEditor Config
Jun 30, 2023
CVSS 9.0
EPSS 0.03
CVE-2023-36470
CRITICAL
XWiki 6.2-14.10.5 - Remote Code Execution via Icon Set Injection
Jun 29, 2023
CVSS 9.9
EPSS 0.13
CVE-2023-36469
CRITICAL
XWiki 9.6-14.10.5 - Authenticated Remote Code Execution via User Profile Script Macros
Jun 29, 2023
CVSS 9.9
EPSS 0.40
CVE-2023-36468
CRITICAL
XWiki 2.0-14.10.7 - Incomplete Cleanup of Vulnerable Document Revisions
Jun 29, 2023
CVSS 9.9
EPSS 0.09
CVE-2023-36471
CRITICAL
XWiki Commons 14.6-14.10.5 - Remote Code Execution via HTML Sanitizer Bypass
Jun 29, 2023
CVSS 9.0
EPSS 0.01
CVE-2023-35162
CRITICAL
NUCLEI
XWiki 6.2-14.10.4 - Stored Cross-Site Scripting via Preview Actions Template
Jun 23, 2023
CVSS 9.6
EPSS 0.16
CVE-2023-35161
CRITICAL
NUCLEI
XWiki 6.2.1-14.10.4 - Stored Cross-Site Scripting via DeleteApplication Page
Jun 23, 2023
CVSS 9.6
EPSS 0.16
CVE-2023-35160
CRITICAL
NUCLEI
XWiki 3.0-14.10.4 - Cross-Site Scripting via Resubmit Template URL Parameter
Jun 23, 2023
CVSS 9.6
EPSS 0.12
CVE-2023-35159
CRITICAL
NUCLEI
XWiki 3.5-14.10.4 - Stored Cross-Site Scripting via Deletespace Template
Jun 23, 2023
CVSS 9.6
EPSS 0.04
CVE-2023-35158
CRITICAL
NUCLEI
XWiki 9.4-14.10.4 - Stored Cross-Site Scripting via Restore Template URL Parameter
Jun 23, 2023
CVSS 9.6
EPSS 0.10
CVE-2023-35157
HIGH
XWiki Platform < 14.10.6 - Cross-Site Scripting via Delete Attachment Action
Jun 23, 2023
CVSS 8.4
EPSS 0.01
CVE-2023-35156
CRITICAL
NUCLEI
XWiki 6.0.1-14.10.5 - Stored Cross-Site Scripting via Delete Template URL Parameter
Jun 23, 2023
CVSS 9.6
EPSS 0.10
CVE-2023-35155
HIGH
NUCLEI
XWiki < 14.4.8 - Stored Cross-Site Scripting via Share Page URL Parameter
Jun 23, 2023
CVSS 8.8
EPSS 0.47
CVE-2023-35153
CRITICAL
XWiki 5.4.4-14.4.7 - Stored Cross-Site Scripting via AppWithinMinutes.FormFieldCategoryClass Page Title
Jun 23, 2023
CVSS 9.0
EPSS 0.02
CVE-2023-35152
CRITICAL
XWiki Platform 12.9-14.4.8 - Authenticated Eval Injection via First Name Field
Jun 23, 2023
CVSS 9.9
EPSS 0.02
Products
xwiki 248
cryptpad 5
pro_macros 5
commons 4
xwiki-platform 4
xwiki-rendering 4
pdf_viewer_macro 3
change_request 2
ckeditor_integration 2
full_calendar_macro 2
admin_tools 1
application-collabora 1
application_licensing 1
blog_application 1
confluence_migrator 1
oauth_identity 1
openid_connect 1
org.xwiki.platform:xwiki-platform-legacy-oldcore 1
org.xwiki.platform:xwiki-platform-oldcore 1
rendering 1
wiki-platform 1
xwiki-commons 1
xwiki_enterprise 1
xwiki_watch 1