Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / xwiki

xwiki

285 tracked vulnerabilities.

CVE-2023-29515 HIGH

XWiki < 13.10.11 - Authenticated JavaScript Injection via App Within Minutes Space Admin Right

CVE-2023-29514 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via Document Edit

CVE-2023-29513 MEDIUM

XWiki < 14.10.1 - Unauthenticated User Creation via Distribution First Admin User Endpoint

CVE-2023-29512 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via Improper Escaping in Attachment Handling

CVE-2023-29510 CRITICAL

XWiki < 14.10.2 - Authenticated Remote Code Execution via User Translation Override

CVE-2023-29213 CRITICAL

XWiki Platform < 13.10.11 - Authenticated Remote Code Execution via URL Expression Injection

CVE-2023-30537 CRITICAL

XWiki 12.6.6-13.10.10 - Authenticated Remote Code Execution via FlamingoThemesCode.WebHome Style Property

CVE-2023-29511 CRITICAL

XWiki 1.7-13.10.10 - Authenticated Remote Code Execution via Section ID Injection in AdminFieldsDisplaySheet

CVE-2023-29509 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via DocumentTree Macro Parameter Injection

CVE-2023-29508 HIGH

XWiki < 13.10.11 - Stored Cross-Site Scripting via Live Data Macro

CVE-2023-29507 CRITICAL

XWiki 14.4.1-14.4.6 and 14.5-14.9 - Privilege Escalation via Document Script API

CVE-2023-29506 MEDIUM NUCLEI

XWiki 13.10.8-13.10.10 - Authenticated Cross-Site Scripting via Endpoint URL Injection

CVE-2023-29214 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via IncludedDocuments Panel

CVE-2023-29212 CRITICAL

XWiki 14.0-14.4.7 - Authenticated Remote Code Execution via Insufficient Escaping in Included Documents Edit Panel

CVE-2023-29211 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via Improper WikiId Parameter Escaping

CVE-2023-29210 CRITICAL

XWiki < 13.10.11 - Authenticated Remote Code Execution via Notification Preferences Macro

CVE-2023-29209 CRITICAL

XWiki <13.10.11 - Code Execution via Legacy Notification Activity Macro

CVE-2023-29208 HIGH

XWiki < 13.10.11 - Unauthorized Deleted Document Access

CVE-2023-29207 HIGH

XWiki 1.9-13.10.9 - Stored Cross-Site Scripting via Livetable Macro Column Names

CVE-2023-29206 CRITICAL

XWiki 3.0-14.8 - Authenticated Stored Cross-Site Scripting via JavaScript or StyleSheet XObject

CVE-2023-29205 CRITICAL

XWiki < 14.7 and xwiki-platform-rendering-xwiki < 14.8-rc-1 - Stored Cross-Site Scripting via HTML Macro

CVE-2023-29204 MEDIUM NUCLEI

XWiki 6.0-13.10.9 - Open Redirect via URL Scheme Omission

CVE-2023-29203 LOW

XWiki 13.9-13.10.8 - Unauthorized Exposure of Private User Information via uorgsuggest.vm

CVE-2023-29202 CRITICAL

XWiki 1.8-14.5 - Stored Cross-Site Scripting via RSS Macro Content Parameter

CVE-2023-29201 CRITICAL

XWiki 5.0-14.4 and xwiki-commons-xml 4.2-milestone-1-14.5 - Stored Cross-Site Scripting via HTML Cleaner Restricted Mode

Previous Page 8 of 12 Next

Products

xwiki 248 cryptpad 5 pro_macros 5 commons 4 xwiki-platform 4 xwiki-rendering 4 pdf_viewer_macro 3 change_request 2 ckeditor_integration 2 full_calendar_macro 2 admin_tools 1 application-collabora 1 application_licensing 1 blog_application 1 confluence_migrator 1 oauth_identity 1 openid_connect 1 org.xwiki.platform:xwiki-platform-legacy-oldcore 1 org.xwiki.platform:xwiki-platform-oldcore 1 rendering 1 wiki-platform 1 xwiki-commons 1 xwiki_enterprise 1 xwiki_watch 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy