Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xwiki xwiki vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2022-23617
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit right can copy the content of a page it does not have access to by using it as template of a new page. This issue has been patched in X...
Xwiki Xwiki
Xwiki Xwiki 13.0
Xwiki Xwiki 13.1
4.3
CVSSv2
CVE-2021-32730
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forgery vulnerability exists in versions before 12.10.5, and in versions 13.0 up to and including 13.1. It's possible for forge an URL that, when acc...
Xwiki Xwiki
Xwiki Xwiki 13.0
Xwiki Xwiki 13.1
4.3
CVSSv2
CVE-2021-32732
### Impact It's possible to know if a user has or not an account in a wiki related to an email address, and which username(s) is actually tied to that email by forging a request to the Forgot username page. Note that since this page does not have a CSRF check it's quite...
Xwiki Xwiki
Xwiki Xwiki 13.0
Xwiki Xwiki 13.1
NA
CVE-2023-29506
XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10.
Xwiki Xwiki 14.10
Xwiki Xwiki
Xwiki Xwiki 14.6
NA
CVE-2022-41927
XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow malicious users to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instanc...
Xwiki Xwiki 14.4
Xwiki Xwiki 3.2
Xwiki Xwiki
NA
CVE-2022-41930
org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselv...
Xwiki Xwiki
Xwiki Xwiki 14.4.3
Xwiki Xwiki 14.4.4
NA
CVE-2022-41932
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded databas...
Xwiki Xwiki
Xwiki Xwiki 14.4.3
Xwiki Xwiki 14.4.4
NA
CVE-2023-50721
XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax con...
Xwiki Xwiki 15.6
Xwiki Xwiki 15.7
Xwiki Xwiki
NA
CVE-2023-36477
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor' space. This makes it possible to perform a variety of harmful actions, such as removing technical documents...
Xwiki Xwiki 15.0
Xwiki Xwiki
Xwiki Ckeditor Integration
4
CVSSv2
CVE-2022-29253
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file located in the classloader using the template API and a path with ".."...
Xwiki Xwiki 8.3
Xwiki Xwiki
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »