xwiki xwiki vulnerabilities and exploits
5
CVSSv2
CVE-2005-4862
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote malicious users to obtain sensitive information via a search string that matches a password.
Xwiki Xwiki 0.9.793
4.3
CVSSv2
CVE-2022-29258
XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream. Starting with versions 6.0-milestone-2 and 5.4.4 and prior to versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3, XWiki Platfor...
Xwiki Xwiki
4.3
CVSSv2
CVE-2022-29251
XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is present in the `FlamingoThemesCode.WebHomeSheet` wiki page related to the "newThe...
Xwiki Xwiki
4.3
CVSSv2
CVE-2022-29252
XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the `WikiManager.JoinWiki` wiki page related to the "requestJoin" field. The ...
Xwiki Xwiki
Xwiki Xwiki 5.3
4.3
CVSSv2
CVE-2022-24820
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11...
Xwiki Xwiki 13.9
Xwiki Xwiki
4.3
CVSSv2
CVE-2022-23622
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross-site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in th...
Xwiki Xwiki
Xwiki Xwiki 13.10
Xwiki Xwiki 13.10.1
Xwiki Xwiki 13.10.2
Xwiki Xwiki 14.0
4.3
CVSSv2
CVE-2021-32732
Impact: It's possible to know whether a user has an account in a wiki tied to an email address, and which username(s) are actually tied to that email, by forging a request to the Forgot username page. Note that since this page does not have a CSRF check it's quite...
Xwiki Xwiki
Xwiki Xwiki 13.0
Xwiki Xwiki 13.1
4.3
CVSSv2
CVE-2021-32730
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forgery vulnerability exists in versions before 12.10.5, and in versions 13.0 up to and including 13.1. It's possible to forge a URL that, when acc...
Xwiki Xwiki
Xwiki Xwiki 13.0
Xwiki Xwiki 13.1
4.3
CVSSv2
CVE-2021-29459
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions before 12.6.3 and 12.8. Unregistered users can fill simple text fields. Registered users can fill in their perso...
4.3
CVSSv2
CVE-2017-1000051
Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad prior to 1.1.1 allows remote malicious users to inject arbitrary web script or HTML via the pad content.
Xwiki Cryptpad