Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / xwiki

xwiki

285 tracked vulnerabilities.

CVE-2023-35151 HIGH

XWiki 7.3-milestone-1-14.4.8 - Unauthenticated Exposure of Obfuscated Passwords via REST Endpoint

CVE-2023-35150 CRITICAL

XWiki Platform 2.40m-2-14.4.8, 14.10.4, 15.0 - Remote Code Execution via Crafted URL Payload

CVE-2023-34467 HIGH

XWiki Platform <14.4.8-15.0-rc-1 - Info Disclosure

CVE-2023-34466 MEDIUM

XWiki 5.0.1-14.4.7 - Unauthorized Information Disclosure via Tags API

CVE-2023-34465 CRITICAL

XWiki 11.8-rc-1-14.4.7 - Authenticated Privilege Escalation via Mail.MailConfig Page

CVE-2023-34464 CRITICAL

XWiki Platform 2.2.1-14.4.7 - Stored Cross-Site Scripting via DisplayContent or RenderContent Template

CVE-2023-35166 CRITICAL

XWiki 8.1-14.10.5 - Incorrect Authorization via Tip UI Extension

CVE-2023-32068 MEDIUM NUCLEI

XWiki Platform < 14.10.4 - Open Redirect via URL Parameter Manipulation

CVE-2023-32070 CRITICAL

XWiki Platform < 14.6-rc-1 - Cross-Site Scripting via HTML Attribute Injection

CVE-2023-32071 CRITICAL

XWiki Platform <2.2-14.4.8, <14.10.4, <15.0-rc-1 - XSS

CVE-2023-32069 CRITICAL

XWiki 3.3-milestone-2-14.10.3 - Incorrect Authorization

CVE-2023-31126 CRITICAL

org.xwiki.commons:xwiki-commons-xml - XSS

CVE-2023-29528 CRITICAL

XWiki Commons 4.2-milestone-1-14.9 - Cross-Site Scripting via Invalid HTML Comments

CVE-2023-29527 CRITICAL

XWiki 7.4.4-14.10.2 - Unauthenticated Remote Code Execution via Groovy Script Injection

CVE-2023-29526 CRITICAL

XWiki Platform 10.11.1-13.10.11 - Remote Code Execution via Async and Display Macros

CVE-2023-29525 CRITICAL

XWiki < 14.4.8, 12.6.1-13.10.11, 14.6-rc-1-14.10.3 - Code Injection via LegacyNotificationAdministration since Parameter

CVE-2023-29524 CRITICAL

XWiki < 14.10.3 - Authenticated Remote Code Execution via Scheduler Job Script Injection

CVE-2023-29523 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via Script Macro Injection

CVE-2023-29522 CRITICAL

XWiki < 14.4.8 - Remote Code Execution via Crafted Page Name

CVE-2023-29521 HIGH

XWiki < 13.10.11 - Authenticated Remote Code Execution via Macro.VFSTreeMacro

CVE-2023-29520 MEDIUM

XWiki < 13.10.11 - Denial of Service via Corrupted Translation Document

CVE-2023-29519 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via Attachment Selector Property Field

CVE-2023-29518 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via Invitation.InvitationCommon Page

CVE-2023-29517 HIGH

XWiki < 13.10.11 - Unauthenticated Exposure of Sensitive Information via Office Document Viewer Macro

CVE-2023-29516 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via AttachmentSelector Cancel Button

Previous Page 7 of 12 Next

Products

xwiki 248 cryptpad 5 pro_macros 5 commons 4 xwiki-platform 4 xwiki-rendering 4 pdf_viewer_macro 3 change_request 2 ckeditor_integration 2 full_calendar_macro 2 admin_tools 1 application-collabora 1 application_licensing 1 blog_application 1 confluence_migrator 1 oauth_identity 1 openid_connect 1 org.xwiki.platform:xwiki-platform-legacy-oldcore 1 org.xwiki.platform:xwiki-platform-oldcore 1 rendering 1 wiki-platform 1 xwiki-commons 1 xwiki_enterprise 1 xwiki_watch 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy