Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xwiki xwiki 15.0 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-29525
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of xwiki are subject to code injection in the `since` parameter of the `/xwiki/bin/view/XWiki/Notifications/Code/LegacyNotificationAdministration` endpoint. ...
Xwiki Xwiki
8.8
CVSSv3
CVE-2023-29526
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to display or interact with any page a user cannot access through the combination of the async and display macros. A comment with eithe...
Xwiki Xwiki
8.8
CVSSv3
CVE-2023-29527
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions a user without script or programming right may edit a user profile (or any other document) with the wiki editor and add groovy script content. Viewing the...
Xwiki Xwiki
8.8
CVSSv3
CVE-2023-29511
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., it's own user page), can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki install...
Xwiki Xwiki 14.0
Xwiki Xwiki
8.1
CVSSv3
CVE-2023-37910
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any docume...
Xwiki Xwiki
8.1
CVSSv3
CVE-2023-34465
XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, `Mail.MailConfig` can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail ...
Xwiki Xwiki 15.0
Xwiki Xwiki
Xwiki Xwiki 11.8
8
CVSSv3
CVE-2023-40572
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the con...
Xwiki Xwiki 15.0
Xwiki Xwiki 15.1
Xwiki Xwiki
Xwiki Xwiki 15.2
Xwiki Xwiki 15.3
8
CVSSv3
CVE-2023-35150
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view rights on any document can execute code with programming rights, leading to rem...
Xwiki Xwiki
Xwiki Xwiki 2.4
7.5
CVSSv3
CVE-2023-34467
XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end user was obfuscated, the rest response was...
Xwiki Xwiki 3.5
Xwiki Xwiki
7.5
CVSSv3
CVE-2023-35151
XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 1...
Xwiki Xwiki 15.0
Xwiki Xwiki
Xwiki Xwiki 7.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »