Vulmon
xwiki xwiki vulnerabilities and exploits
5.8
CVSSv2
CVE-2022-23620
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on filesystem, it is possible ...
Xwiki Xwiki
5.8
CVSSv2
CVE-2022-23618
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is no protection against URL redirection to untrusted sites, in particular some well known parameters (xredirect) can be used to perform url redirec...
Xwiki Xwiki
5.5
CVSSv2
CVE-2022-24821
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywher...
Xwiki Xwiki
Xwiki Xwiki 13.10
5.5
CVSSv2
CVE-2022-23615
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the current user, which allows accessing API requiring programming right if the current use...
Xwiki Xwiki
5.5
CVSSv2
CVE-2021-32729
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions before 12.6.88, 12.10.4, and 13.0. The script service method used to reset the authentication failures record can be executed by any user wi...
Xwiki Xwiki
5.5
CVSSv2
CVE-2019-15302
The pad management logic in XWiki labs CryptPad prior to 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a trivial URL modification.
Xwiki Cryptpad
5
CVSSv2
CVE-2022-24819
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4...
Xwiki Xwiki
Xwiki Xwiki 13.9
5
CVSSv2
CVE-2022-23619
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to guess if a user has an account on the wiki by using the "Forgot your password" form, even if the wiki is closed to guest u...
Xwiki Xwiki
5
CVSSv2
CVE-2021-32731
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Between (and including) versions 13.1RC1 and 13.1, the reset password form reveals the email address of users just by giving their username. The problem has been patched on XW...
Xwiki Xwiki 13.1
5
CVSSv2
CVE-2020-13654
XWiki Platform prior to 12.8 mishandles escaping in the property displayer.
Xwiki Xwiki