xwiki xwiki vulnerabilities and exploits
8.8
CVSSv3
CVE-2022-41931
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity co...
Xwiki Xwiki 6.4
Xwiki Xwiki
Xwiki Xwiki 14.4.3
Xwiki Xwiki 14.4.4
7.5
CVSSv3
CVE-2023-50719
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user ...
Xwiki Xwiki 7.2
Xwiki Xwiki 15.6
Xwiki Xwiki 15.7
Xwiki Xwiki
7.5
CVSSv3
CVE-2023-26476
XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated call to `LiveTableResults` and `WikisLiveTableResultsMacros`. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and h...
Xwiki Xwiki 3.2
Xwiki Xwiki 14.7
Xwiki Xwiki
8.8
CVSSv3
CVE-2023-29213
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of `org.xwiki.platform:xwiki-platform-logging-ui` it is possible to trick a user with programming rights into visiting a constructed url where e.g., by em...
Xwiki Xwiki
Xwiki Xwiki 14.0
Xwiki Xwiki 4.2
6.1
CVSSv3
CVE-2023-29506
XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10.
Xwiki Xwiki 14.10
Xwiki Xwiki
Xwiki Xwiki 14.6
8.8
CVSSv3
CVE-2023-36468
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it's still po...
Xwiki Xwiki 15.0
Xwiki Xwiki
Xwiki Xwiki 15.1
8.8
CVSSv3
CVE-2023-36469
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution ...
Xwiki Xwiki 15.0
Xwiki Xwiki 15.1
Xwiki Xwiki
8.8
CVSSv3
CVE-2023-36470
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By either creating a new or editing an existing document with an icon set, an attacker can inject XWiki syntax and Velocity code that is executed with programming rights and t...
Xwiki Xwiki 15.0
Xwiki Xwiki 15.1
Xwiki Xwiki
5.4
CVSSv3
CVE-2023-40176
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is sele...
Xwiki Xwiki 15.0
Xwiki Xwiki 4.1
Xwiki Xwiki
8.8
CVSSv3
CVE-2023-40177
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. T...
Xwiki Xwiki 15.0
Xwiki Xwiki 4.3
Xwiki Xwiki