Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xwiki xwiki vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-41928
XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been pa...
Xwiki Xwiki
Xwiki Xwiki 5.0
Xwiki Xwiki 14.4.3
Xwiki Xwiki 14.4.4
NA
CVE-2022-41929
org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem...
Xwiki Xwiki
Xwiki Xwiki 11.7
Xwiki Xwiki 14.4.3
Xwiki Xwiki 14.4.4
NA
CVE-2023-36468
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it's still po...
Xwiki Xwiki 15.0
Xwiki Xwiki
Xwiki Xwiki 15.1
NA
CVE-2023-36469
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution ...
Xwiki Xwiki 15.0
Xwiki Xwiki 15.1
Xwiki Xwiki
NA
CVE-2023-36470
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By either creating a new or editing an existing document with an icon set, an attacker can inject XWiki syntax and Velocity code that is executed with programming rights and t...
Xwiki Xwiki 15.0
Xwiki Xwiki 15.1
Xwiki Xwiki
NA
CVE-2023-40176
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is sele...
Xwiki Xwiki 15.0
Xwiki Xwiki 4.1
Xwiki Xwiki
4.3
CVSSv2
CVE-2021-32730
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forgery vulnerability exists in versions before 12.10.5, and in versions 13.0 up to and including 13.1. It's possible for forge an URL that, when acc...
Xwiki Xwiki
Xwiki Xwiki 13.0
Xwiki Xwiki 13.1
4.3
CVSSv2
CVE-2021-32732
### Impact It's possible to know if a user has or not an account in a wiki related to an email address, and which username(s) is actually tied to that email by forging a request to the Forgot username page. Note that since this page does not have a CSRF check it's quite...
Xwiki Xwiki
Xwiki Xwiki 13.0
Xwiki Xwiki 13.1
NA
CVE-2023-35151
XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 1...
Xwiki Xwiki 15.0
Xwiki Xwiki
Xwiki Xwiki 7.3
NA
CVE-2023-35152
XWiki Platform is a generic wiki platform. Starting in version 12.9-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any logged in user can add dangerous content in their first name field and see it executed with programming rights. Leading to rights escalation. The vulnerab...
Xwiki Xwiki 15.0
Xwiki Xwiki
Xwiki Xwiki 12.9
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »