xwiki-platform — Vulnerabilities & Security Advisories (228)

All 228 CVE vulnerabilities found in xwiki-platform, with AI-generated Chinese analysis, references, and POCs.

This page presents vulnerability aggregation data for XWiki Platform, focusing on software security weaknesses and their associated tags within the vendor’s ecosystem. It collects a comprehensive range of vulnerability records, including remote code execution flaws, cross-site scripting issues, and authentication bypasses, covering all publicly disclosed security incidents from the product’s initial release through the most recent updates. By consolidating these entries, the resource allows users to effectively track the vendor’s historical advisory patterns and correlate specific CVEs with broader weakness classifications. Readers can explore how different vulnerability classes impact the platform’s architecture over time and analyze the chronology of security patches issued by XWiki. This structured overview aids developers, security auditors, and system administrators in assessing the overall risk posture of XWiki Platform deployments. Understanding the evolution of these weaknesses provides critical context for patch management strategies and helps identify persistent security concerns that may not be immediately apparent when reviewing individual reports in isolation. The data serves as a reference point for evaluating the effectiveness of past remediation efforts and anticipating potential future attack vectors based on historical trends.

Vendor: xwiki

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-31987 | XWiki Platform remote code execution from account via custom skins support | CWE-862 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31986 | XWiki Platform CSRF remote code execution through scheduler job's document reference | CWE-352 | 9.1 | Critical | 2024-04-10 |
| CVE-2024-31985 | XWiki Platform CSRF in the job scheduler | CWE-352 | 5.4 | Medium | 2024-04-10 |
| CVE-2024-31984 | XWiki Platform: Remote code execution through space title and Solr space facet | CWE-95 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31983 | XWiki Platform: Remote code execution from edit in multilingual wikis via translations | CWE-862 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31982 | XWiki Platform: Remote code execution as guest via DatabaseSearch | CWE-95 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31981 | XWiki Platform: Privilege escalation (PR) from user registration through PDFClass | CWE-862 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31465 | XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet | CWE-95 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31464 | XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted | CWE-200 | 6.8 | Medium | 2024-04-10 |
| CVE-2024-21648 | XWiki has no right protection on rollback action | CWE-274 | 8.0 | High | 2024-01-08 |
| CVE-2024-21651 | XWiki Denial of Service attack through attachments | CWE-400 | 7.5 | High | 2024-01-08 |
| CVE-2024-21650 | XWiki Remote Code Execution vulnerability via user registration | CWE-95 | 10.0 | Critical | 2024-01-08 |
| CVE-2023-50732 | Velocity execution without script right through tree macro | CWE-863 | 8.3 | High | 2023-12-21 |
| CVE-2023-50723 | XWiki Platform remote code execution/programming rights with configuration section from any user account | CWE-95 | 10.0 | Critical | 2023-12-15 |
| CVE-2023-50722 | XWiki Platform XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass | CWE-79 | 9.7 | Critical | 2023-12-15 |
| CVE-2023-50721 | XWiki Platform RCE from account through SearchAdmin | CWE-95 | 10.0 | Critical | 2023-12-15 |
| CVE-2023-50719 | XWiki Platform Solr search discloses password hashes of all users | CWE-359 | 7.5 | High | 2023-12-15 |
| CVE-2023-50720 | XWiki Platform Solr search discloses email addresses of users | CWE-200 | 5.3 | Medium | 2023-12-15 |
| CVE-2023-48241 | XWiki exposed whole content of all documents of all wikis to anybody with view right on Solr suggest service | CWE-285 | 7.5 | High | 2023-11-20 |
| CVE-2023-48240 | XWiki Platform sends cookies to external images in rendered diff and is vulnerable to server side request forgery | CWE-201 | 9.1 | Critical | 2023-11-20 |
| CVE-2023-46243 | Code execution via the edit action in XWiki platform | CWE-94 | 10.0 | Critical | 2023-11-07 |
| CVE-2023-46242 | Code injection in XWiki Platform | CWE-94 | 9.7 | Critical | 2023-11-07 |
| CVE-2023-46244 | Privilege escalation in Xwiki platform | CWE-863 | 9.1 | Critical | 2023-11-07 |
| CVE-2023-46731 | Remote code execution through the section parameter in Administration as guest in XWiki Platform | CWE-94 | 10.0 | Critical | 2023-11-06 |
| CVE-2023-46732 | Reflected Cross-site scripting through revision parameter in content menu in XWiki Platform | CWE-79 | 9.7 | Critical | 2023-11-06 |
| CVE-2023-45137 | XWiki Platform XSS with edit right in the create document form for existing pages | CWE-79 | 9.1 | Critical | 2023-10-25 |
| CVE-2023-45136 | XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled | CWE-79 | 9.7 | Critical | 2023-10-25 |
| CVE-2023-45135 | XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title | CWE-116 | 9.1 | Critical | 2023-10-25 |
| CVE-2023-45134 | XWiki Platform XSS vulnerability from account in the create page form via template provider | CWE-79 | 9.1 | Critical | 2023-10-25 |
| CVE-2023-37913 | org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter | CWE-23 | 10.0 | Critical | 2023-10-25 |
