Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xwiki xwiki vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2005-4862
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote malicious users to obtain sensitive information via a search string that matches a password.
Xwiki Xwiki 0.9.793
384
VMScore
CVE-2022-23622
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in th...
Xwiki Xwiki
Xwiki Xwiki 13.10
Xwiki Xwiki 13.10.1
Xwiki Xwiki 13.10.2
Xwiki Xwiki 14.0
383
VMScore
CVE-2022-29258
XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream. Starting with versions 6.0-milestone-2 and 5.4.4 and prior to versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3, XWiki Platfor...
Xwiki Xwiki
383
VMScore
CVE-2022-29251
XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is present in the `FlamingoThemesCode.WebHomeSheet` wiki page related to the "newThe...
Xwiki Xwiki
383
VMScore
CVE-2022-29252
XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the `WikiManager.JoinWiki ` wiki page related to the "requestJoin" field. The ...
Xwiki Xwiki
Xwiki Xwiki 5.3
383
VMScore
CVE-2022-24820
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11...
Xwiki Xwiki 13.9
Xwiki Xwiki
383
VMScore
CVE-2021-32732
### Impact It's possible to know if a user has or not an account in a wiki related to an email address, and which username(s) is actually tied to that email by forging a request to the Forgot username page. Note that since this page does not have a CSRF check it's quite...
Xwiki Xwiki
Xwiki Xwiki 13.0
Xwiki Xwiki 13.1
383
VMScore
CVE-2021-32730
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forgery vulnerability exists in versions before 12.10.5, and in versions 13.0 up to and including 13.1. It's possible for forge an URL that, when acc...
Xwiki Xwiki
Xwiki Xwiki 13.0
Xwiki Xwiki 13.1
383
VMScore
CVE-2021-29459
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions before 12.6.3 and 12.8. Unregistred users can fill simple text fields. Registered users can fill in their perso...
383
VMScore
CVE-2017-1000051
Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad prior to 1.1.1 allows remote malicious users to inject arbitrary web script or HTML via the pad content
Xwiki Cryptpad
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »