Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xwiki xwiki vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-30537
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with the right to add an object on a page can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root ca...
Xwiki Xwiki
8.8
CVSSv3
CVE-2023-29211
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights `WikiManager.DeleteWiki` can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper e...
Xwiki Xwiki
Xwiki Xwiki 14.10
8.8
CVSSv3
CVE-2023-29212
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the included p...
Xwiki Xwiki
Xwiki Xwiki 14.10
8.8
CVSSv3
CVE-2023-29214
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the included p...
Xwiki Xwiki
Xwiki Xwiki 14.10
8.8
CVSSv3
CVE-2023-29209
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full acces...
Xwiki Xwiki
8.8
CVSSv3
CVE-2023-29210
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the notification preferences macros can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access t...
Xwiki Xwiki
Xwiki Xwiki 14.10
8.8
CVSSv3
CVE-2023-26472
XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with certain content. This can be done by creating a new page or even through the user profile for us...
Xwiki Xwiki
Xwiki Xwiki 6.2
8.8
CVSSv3
CVE-2023-26474
XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds.
Xwiki Xwiki
8.8
CVSSv3
CVE-2023-26475
XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. This has been pat...
Xwiki Xwiki
Xwiki Xwiki 2.3
8.8
CVSSv3
CVE-2023-26471
XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode (anything dangerous is disabled), but the async macro does not take into account the restricted mode. This means that...
Xwiki Xwiki 11.6
Xwiki Xwiki
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »