Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xwiki xwiki 14.4.3 vulnerabilities and exploits
(subscribe to this query)
8.2
CVSSv3
CVE-2022-41930
org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselv...
Xwiki Xwiki
Xwiki Xwiki 14.4.3
Xwiki Xwiki 14.4.4
5.3
CVSSv3
CVE-2022-41932
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded databas...
Xwiki Xwiki
Xwiki Xwiki 14.4.3
Xwiki Xwiki 14.4.4
8.8
CVSSv3
CVE-2022-41928
XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been pa...
Xwiki Xwiki
Xwiki Xwiki 5.0
Xwiki Xwiki 14.4.3
Xwiki Xwiki 14.4.4
4.9
CVSSv3
CVE-2022-41929
org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem...
Xwiki Xwiki
Xwiki Xwiki 11.7
Xwiki Xwiki 14.4.3
Xwiki Xwiki 14.4.4
8.8
CVSSv3
CVE-2022-41931
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity co...
Xwiki Xwiki 6.4
Xwiki Xwiki
Xwiki Xwiki 14.4.3
Xwiki Xwiki 14.4.4
8.8
CVSSv3
CVE-2022-41934
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to th...
Xwiki Xwiki
Xwiki Xwiki 14.4.4
Xwiki Xwiki 14.4.5
4.3
CVSSv3
CVE-2022-41935
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3, the respo...
Xwiki Xwiki
Xwiki Xwiki 14.4.4
Xwiki Xwiki 14.4.5
5.3
CVSSv3
CVE-2023-29203
XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with `uorgsuggest.vm`. This issue only concerns...
Xwiki Xwiki
Xwiki Xwiki 13.9
6.5
CVSSv3
CVE-2022-41933
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the `reset a forgotten password` feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. N...
Xwiki Xwiki 13.1
Xwiki Xwiki
7.5
CVSSv3
CVE-2022-41936
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` rest endpoint does not filter out entries according to the user's rights. Therefore, information hidden from unauthorized users are exposed though the...
Xwiki Xwiki
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started