xwiki xwiki vulnerabilities and exploits
NA
CVE-2010-4641
SQL injection vulnerability in XWiki Enterprise prior to 2.5 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Xwiki Xwiki 1.0
Xwiki Xwiki 1.1
Xwiki Xwiki 0.9.840
Xwiki Xwiki 0.9.790
Xwiki Xwiki 0.9.793
Xwiki Xwiki 0.9.1252
Xwiki Xwiki 0.9.543
Xwiki Xwiki
NA
CVE-2010-4642
Cross-site scripting (XSS) vulnerability in XWiki Enterprise prior to 2.5 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Xwiki Xwiki 1.1
Xwiki Xwiki 1.0
Xwiki Xwiki 0.9.840
Xwiki Xwiki 0.9.793
Xwiki Xwiki 0.9.790
Xwiki Xwiki
Xwiki Xwiki 0.9.543
Xwiki Xwiki 0.9.1252
9
CVSSv3
CVE-2023-45134
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-1 and before 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.2 a...
Xwiki Xwiki 3.0
Xwiki Xwiki 3.1
Xwiki Xwiki 2.5
Xwiki Xwiki 2.4
Xwiki Xwiki
Xwiki Xwiki 3.0.1
8
CVSSv3
CVE-2023-40572
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the con...
Xwiki Xwiki 15.0
Xwiki Xwiki 15.1
Xwiki Xwiki
Xwiki Xwiki 15.2
Xwiki Xwiki 15.3
8.8
CVSSv3
CVE-2023-40573
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job sc...
Xwiki Xwiki 15.0
Xwiki Xwiki 15.1
Xwiki Xwiki
Xwiki Xwiki 15.2
Xwiki Xwiki 15.3
6.1
CVSSv3
CVE-2022-23622
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in th...
Xwiki Xwiki
Xwiki Xwiki 13.10
Xwiki Xwiki 13.10.1
Xwiki Xwiki 13.10.2
Xwiki Xwiki 14.0
NA
CVE-2006-7223
PreviewAction in XWiki 0.9.543 up to and including 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author ha...
Xwiki Xwiki 0.9.543
Xwiki Xwiki 0.9.790
Xwiki Xwiki 0.9.793
Xwiki Xwiki 0.9.840
Xwiki Xwiki 0.9.1252
8.8
CVSSv3
CVE-2022-41928
XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been pa...
Xwiki Xwiki
Xwiki Xwiki 5.0
Xwiki Xwiki 14.4.3
Xwiki Xwiki 14.4.4
7.5
CVSSv3
CVE-2023-50719
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user ...
Xwiki Xwiki 7.2
Xwiki Xwiki 15.6
Xwiki Xwiki 15.7
Xwiki Xwiki
4.9
CVSSv3
CVE-2022-41929
org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem...
Xwiki Xwiki
Xwiki Xwiki 11.7
Xwiki Xwiki 14.4.3
Xwiki Xwiki 14.4.4