Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xwiki xwiki 1.0 vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2007-4888
The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin...
Xwiki Xwiki 1.0 B2
Xwiki Xwiki 1.0 B1
7.5
CVSSv2
CVE-2010-4641
SQL injection vulnerability in XWiki Enterprise prior to 2.5 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Xwiki Xwiki 0.9.1252
Xwiki Xwiki 0.9.790
Xwiki Xwiki 0.9.543
Xwiki Xwiki 1.0
Xwiki Xwiki 1.1
Xwiki Xwiki
Xwiki Xwiki 0.9.840
Xwiki Xwiki 0.9.793
4.3
CVSSv2
CVE-2010-4642
Cross-site scripting (XSS) vulnerability in XWiki Enterprise prior to 2.5 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Xwiki Xwiki 0.9.1252
Xwiki Xwiki 0.9.790
Xwiki Xwiki 0.9.543
Xwiki Xwiki 1.0
Xwiki Xwiki 1.1
Xwiki Xwiki
Xwiki Xwiki 0.9.840
Xwiki Xwiki 0.9.793
4.3
CVSSv2
CVE-2010-4640
Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 allow remote malicious users to inject arbitrary web script or HTML via the rev parameter to (1) bin/viewrev/Main/WebHome and (2) bin/view/Blog, and the (3) register_first_name and (4) register_last_name param...
Xwiki Xwiki Watch 1.0
NA
CVE-2022-36094
XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Starting with version 1.0 and prior to versions 13.10.6 and 14.30-rc-1, it's possible to store JavaScript which will be executed by anyone viewing the history of an attachme...
Xwiki Xwiki
NA
CVE-2023-41046
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible in XWiki to execute Velocity code without having script right by creating an XClass with a property of type "TextArea" and content type "Velocity...
Xwiki Xwiki
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5841
file upload
man-in-the-middle
arbitrary
CVE-2024-27801
CVE-2024-28020
CVE-2024-30080
CVE-2024-30069
CVE-2024-5843
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started