Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / xwiki

xwiki

285 tracked vulnerabilities.

CVE-2023-27480 HIGH

XWiki Platform < 13.10.11 - XML External Entity Injection via XAR Import

CVE-2023-27479 CRITICAL

XWiki 6.3-13.10.10 - Authenticated Remote Code Execution via UIX Parameter Injection

CVE-2023-26476 HIGH

XWiki Platform <14.7-rc-1, <13.4.4, <13.10.9 - Info Disclosure

CVE-2023-26475 CRITICAL

XWiki Platform <2.3-milestone-1 - RCE

CVE-2023-26474 CRITICAL

XWiki 13.10-13.10.10 - Improper Access Control via Text Area Property Execution

CVE-2023-26473 MEDIUM

XWiki Platform <1.3-rc-1 - Info Disclosure

CVE-2023-26472 CRITICAL

XWiki 6.2.1-13.10.9 - Unauthenticated Remote Code Execution via Icon Theme Sheet Injection

CVE-2023-26471 CRITICAL

XWiki 11.6-13.10.9 - Authenticated Privilege Escalation via Async Macro

CVE-2023-26470 MEDIUM

XWiki < 14.0 - Uncontrolled Resource Consumption via Large Object Addition

CVE-2023-26056 MEDIUM

XWiki Platform <3.0-milestone-1 - Privilege Escalation

CVE-2023-26055 CRITICAL

XWiki Commons <3.1-milestone-1 - Code Injection

CVE-2023-26480 HIGH

XWiki 12.10-13.10.9 - Stored Cross-Site Scripting via Live Data Macro

CVE-2023-26479 MEDIUM

XWiki Platform <6.0 - Info Disclosure

CVE-2023-26478 MEDIUM

XWiki Platform <14.3-rc-1 - Info Disclosure

CVE-2023-26477 CRITICAL

XWiki Platform <13.10.10, <14.9-rc-1, <14.4.6 - Code Injection

CVE-2023-22457 CRITICAL

CKEditor Integration UI <1.64.3 - CSRF

CVE-2022-41933 MEDIUM

XWiki 13.1-13.10.8 - Plaintext Password Storage in Forgot Password Feature

CVE-2022-41932 HIGH

XWiki < 13.10.8 - Denial of Service via Crafted User Identifier in Login Form

CVE-2022-41935 MEDIUM

XWiki 12.10.11-13.10.8 - Unauthenticated Exposure of Sensitive Information via Livetable Queries

CVE-2022-41934 CRITICAL

XWiki Platform < 13.10.8 - Authenticated Remote Code Execution via Menu Macro Injection

CVE-2022-41931 CRITICAL

xwiki-platform-icon-ui - Eval Injection

CVE-2022-41930 HIGH

XWiki 12.4-13.10.6 - Unauthenticated Missing Authorization in User Profile UI

CVE-2022-41929 MEDIUM

XWiki 11.7-13.10.6, 14.0.0-14.4.1 - Missing Authorization in User#setDisabledStatus

CVE-2022-41928 CRITICAL

XWiki 5.0-13.10.6 - Eval Injection in AttachmentSelector.xml

CVE-2022-41927 HIGH

XWiki Platform 3.2-13.10.6 - Cross-Site Request Forgery in Tag Management

Previous Page 9 of 12 Next

Products

xwiki 248 cryptpad 5 pro_macros 5 commons 4 xwiki-platform 4 xwiki-rendering 4 pdf_viewer_macro 3 change_request 2 ckeditor_integration 2 full_calendar_macro 2 admin_tools 1 application-collabora 1 application_licensing 1 blog_application 1 confluence_migrator 1 oauth_identity 1 openid_connect 1 org.xwiki.platform:xwiki-platform-legacy-oldcore 1 org.xwiki.platform:xwiki-platform-oldcore 1 rendering 1 wiki-platform 1 xwiki-commons 1 xwiki_enterprise 1 xwiki_watch 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy