Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xwiki xwiki 13.0 vulnerabilities and exploits
(subscribe to this query)
6
CVSSv2
CVE-2022-24897
APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and before 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on t...
Xwiki Xwiki
5.5
CVSSv2
CVE-2022-23615
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the current user which allow accessing API requiring programming right if the current use...
Xwiki Xwiki
5.5
CVSSv2
CVE-2021-32729
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions before 12.6.88, 12.10.4, and 13.0. The script service method used to reset the authentication failures record can be executed by any user wi...
Xwiki Xwiki
4.3
CVSSv2
CVE-2021-32732
### Impact It's possible to know if a user has or not an account in a wiki related to an email address, and which username(s) is actually tied to that email by forging a request to the Forgot username page. Note that since this page does not have a CSRF check it's quite...
Xwiki Xwiki
Xwiki Xwiki 13.0
Xwiki Xwiki 13.1
4.3
CVSSv2
CVE-2021-32730
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forgery vulnerability exists in versions before 12.10.5, and in versions 13.0 up to and including 13.1. It's possible for forge an URL that, when acc...
Xwiki Xwiki
Xwiki Xwiki 13.0
Xwiki Xwiki 13.1
4
CVSSv2
CVE-2022-23617
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit right can copy the content of a page it does not have access to by using it as template of a new page. This issue has been patched in X...
Xwiki Xwiki
Xwiki Xwiki 13.0
Xwiki Xwiki 13.1
4
CVSSv2
CVE-2021-32620
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions before 11.10.13, 12.6.7, and 12.10.2, a user disabled on a wiki using email verification for registration canouldre-activate themself by using the activation link ...
Xwiki Xwiki
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started