Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xwiki xwiki vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2021-32621
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions before 12.6.7 and 12.10.3, a user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard. The...
Xwiki Xwiki 3.0
Xwiki Xwiki
445
VMScore
CVE-2022-24819
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4...
Xwiki Xwiki
Xwiki Xwiki 13.9
383
VMScore
CVE-2022-24820
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11...
Xwiki Xwiki 13.9
Xwiki Xwiki
NA
CVE-2023-26473
XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulne...
Xwiki Xwiki 1.3
Xwiki Xwiki
NA
CVE-2023-35150
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view rights on any document can execute code with programming rights, leading to rem...
Xwiki Xwiki
Xwiki Xwiki 2.4
NA
CVE-2023-35153
XWiki Platform is a generic wiki platform. Starting in version 5.4.4 and prior to versions 14.4.8, 14.10.4, and 15.0, a stored cross-site scripting vulnerability can be exploited by users with edit rights by adding a `AppWithinMinutes.FormFieldCategoryClass` class on a page and s...
Xwiki Xwiki 15.0
Xwiki Xwiki
NA
CVE-2023-35157
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to perform an XSS by forging a request to a delete attachment action with a specific attachment name. Now this XSS can be exploited only if the attacker kno...
Xwiki Xwiki 15.0
Xwiki Xwiki
NA
CVE-2023-35161
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the DeleteApplication page to perform a XSS, e.g. ...
Xwiki Xwiki 6.2
Xwiki Xwiki
NA
CVE-2023-35162
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the previewactions template to perform a XSS, e.g....
Xwiki Xwiki 6.1
Xwiki Xwiki
NA
CVE-2023-32068
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions before 14.10.4 it's possible to exploit well known parameters in XWiki URLs to perform redirection to untrusted site. This vulnerability was partially fixed i...
Xwiki Xwiki 15.0
Xwiki Xwiki
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »