Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xwiki xwiki vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2020-15252
In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code exec...
Xwiki Xwiki
9
CVSSv2
CVE-2020-11057
In XWiki Platform 7.2 up to and including 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. This has been fixed 11.3.7 , 11.10.3 and 12.0.
Xwiki Xwiki
7.5
CVSSv2
CVE-2010-4641
SQL injection vulnerability in XWiki Enterprise prior to 2.5 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Xwiki Xwiki 1.0
Xwiki Xwiki 1.1
Xwiki Xwiki 0.9.840
Xwiki Xwiki 0.9.790
Xwiki Xwiki 0.9.793
Xwiki Xwiki 0.9.1252
Xwiki Xwiki 0.9.543
Xwiki Xwiki
6.8
CVSSv2
CVE-2022-29161
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the ...
Xwiki Xwiki
6.5
CVSSv2
CVE-2022-23616
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for an unprivileged user to perform a remote code execution by injecting a groovy script in her own profile and by calling the Reset pa...
Xwiki Xwiki 3.1
Xwiki Xwiki
6.5
CVSSv2
CVE-2021-32621
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions before 12.6.7 and 12.10.3, a user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard. The...
Xwiki Xwiki 3.0
Xwiki Xwiki
6.5
CVSSv2
CVE-2021-21380
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service expose an API to perform SQL requests without escaping the fr...
Xwiki Xwiki 6.4
Xwiki Xwiki
2 Github repositories
6.5
CVSSv2
CVE-2006-7223
PreviewAction in XWiki 0.9.543 up to and including 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author ha...
Xwiki Xwiki 0.9.543
Xwiki Xwiki 0.9.790
Xwiki Xwiki 0.9.793
Xwiki Xwiki 0.9.840
Xwiki Xwiki 0.9.1252
6
CVSSv2
CVE-2022-24897
APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and before 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on t...
Xwiki Xwiki
6
CVSSv2
CVE-2020-15171
In XWiki prior to 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution...
Xwiki Xwiki
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »