Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xwiki xwiki 15.1 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-37912
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15....
Xwiki Xwiki-rendering 15.0
Xwiki Xwiki-rendering
8.8
CVSSv3
CVE-2023-40573
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job sc...
Xwiki Xwiki 15.0
Xwiki Xwiki 15.1
Xwiki Xwiki
Xwiki Xwiki 15.2
Xwiki Xwiki 15.3
8.8
CVSSv3
CVE-2023-36468
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it's still po...
Xwiki Xwiki 15.0
Xwiki Xwiki
Xwiki Xwiki 15.1
8.8
CVSSv3
CVE-2023-36469
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution ...
Xwiki Xwiki 15.0
Xwiki Xwiki 15.1
Xwiki Xwiki
8.8
CVSSv3
CVE-2023-36470
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By either creating a new or editing an existing document with an icon set, an attacker can inject XWiki syntax and Velocity code that is executed with programming rights and t...
Xwiki Xwiki 15.0
Xwiki Xwiki 15.1
Xwiki Xwiki
8.8
CVSSv3
CVE-2023-35152
XWiki Platform is a generic wiki platform. Starting in version 12.9-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any logged in user can add dangerous content in their first name field and see it executed with programming rights. Leading to rights escalation. The vulnerab...
Xwiki Xwiki 15.0
Xwiki Xwiki
Xwiki Xwiki 12.9
8.8
CVSSv3
CVE-2023-35166
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5.
Xwiki Xwiki
8.1
CVSSv3
CVE-2023-34465
XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, `Mail.MailConfig` can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail ...
Xwiki Xwiki 15.0
Xwiki Xwiki
Xwiki Xwiki 11.8
8
CVSSv3
CVE-2023-40572
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the con...
Xwiki Xwiki 15.0
Xwiki Xwiki 15.1
Xwiki Xwiki
Xwiki Xwiki 15.2
Xwiki Xwiki 15.3
7.5
CVSSv3
CVE-2023-35151
XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 1...
Xwiki Xwiki 15.0
Xwiki Xwiki
Xwiki Xwiki 7.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27842
CVE-2024-30657
CVE-2024-4534
hardcoded
SSRF
CVE-2024-21683
CVE-2024-5364
file upload
CVE-2024-5371
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »