Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xwiki xwiki 15.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-37908
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via inva...
Xwiki Xwiki-rendering
NA
CVE-2023-37910
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any docume...
Xwiki Xwiki
NA
CVE-2023-37912
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15....
Xwiki Xwiki-rendering 15.0
Xwiki Xwiki-rendering
NA
CVE-2023-40573
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job sc...
Xwiki Xwiki 15.0
Xwiki Xwiki 15.1
Xwiki Xwiki
Xwiki Xwiki 15.2
Xwiki Xwiki 15.3
NA
CVE-2023-40572
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the con...
Xwiki Xwiki 15.0
Xwiki Xwiki 15.1
Xwiki Xwiki
Xwiki Xwiki 15.2
Xwiki Xwiki 15.3
NA
CVE-2023-40177
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. T...
Xwiki Xwiki 15.0
Xwiki Xwiki 4.3
Xwiki Xwiki
NA
CVE-2023-40176
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is sele...
Xwiki Xwiki 15.0
Xwiki Xwiki 4.1
Xwiki Xwiki
NA
CVE-2023-37462
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from view right on that document to programming rights, or in other words, it is pos...
Xwiki Xwiki
NA
CVE-2023-36477
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor' space. This makes it possible to perform a variety of harmful actions, such as removing technical documents...
Xwiki Xwiki 15.0
Xwiki Xwiki
Xwiki Ckeditor Integration
NA
CVE-2023-36468
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it's still po...
Xwiki Xwiki 15.0
Xwiki Xwiki
Xwiki Xwiki 15.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »