Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xwiki xwiki vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-35158
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the restore template to perform a XSS, e.g. by usi...
Xwiki Xwiki 15.0
Xwiki Xwiki
Xwiki Xwiki 9.4
NA
CVE-2023-34465
XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, `Mail.MailConfig` can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail ...
Xwiki Xwiki 15.0
Xwiki Xwiki
Xwiki Xwiki 11.8
NA
CVE-2022-41934
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to th...
Xwiki Xwiki
Xwiki Xwiki 14.4.4
Xwiki Xwiki 14.4.5
NA
CVE-2022-41927
XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow malicious users to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instanc...
Xwiki Xwiki 14.4
Xwiki Xwiki 3.2
Xwiki Xwiki
NA
CVE-2022-41930
org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselv...
Xwiki Xwiki
Xwiki Xwiki 14.4.3
Xwiki Xwiki 14.4.4
383
VMScore
CVE-2021-32730
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forgery vulnerability exists in versions before 12.10.5, and in versions 13.0 up to and including 13.1. It's possible for forge an URL that, when acc...
Xwiki Xwiki
Xwiki Xwiki 13.0
Xwiki Xwiki 13.1
383
VMScore
CVE-2021-32732
### Impact It's possible to know if a user has or not an account in a wiki related to an email address, and which username(s) is actually tied to that email by forging a request to the Forgot username page. Note that since this page does not have a CSRF check it's quite...
Xwiki Xwiki
Xwiki Xwiki 13.0
Xwiki Xwiki 13.1
NA
CVE-2022-41932
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded databas...
Xwiki Xwiki
Xwiki Xwiki 14.4.3
Xwiki Xwiki 14.4.4
NA
CVE-2023-36477
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor' space. This makes it possible to perform a variety of harmful actions, such as removing technical documents...
Xwiki Xwiki 15.0
Xwiki Xwiki
Xwiki Ckeditor Integration
NA
CVE-2023-29214
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the included p...
Xwiki Xwiki
Xwiki Xwiki 14.10
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »