
xwiki-platform — Vulnerabilities & Security Advisories (228)

All 228 CVE vulnerabilities found in xwiki-platform, with AI-generated Chinese analysis, references, and POCs.

This page documents security vulnerabilities affecting the xwiki-platform, specifically categorized under the general weakness type of software vulnerabilities. It serves as a centralized repository for tracking flaws that could potentially compromise the integrity, availability, or confidentiality of instances running this platform. The content aggregates reports from various sources to provide a comprehensive view of the security landscape surrounding this specific software. It covers vulnerabilities identified and disclosed over a significant historical period, capturing both recent findings and older, unresolved issues. This time range ensures that users can see the evolution of security concerns associated with the product over time. Visitors to this page can discover detailed information about how the vendor responds to these issues by tracking their advisories and patch releases. The page also helps users understand specific weakness classes by providing context on how these defects manifest within the xwiki-platform architecture. Additionally, it allows for looking up a product's vulnerability history, enabling security teams and administrators to assess risk levels based on past incidents. By consolidating these data points, the resource supports informed decision-making for maintenance, upgrading, and mitigation strategies without requiring users to search through disparate sources manually.

Vendor: xwiki

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-23620 | Path traversal in xwiki-platform-skin-skinx | CWE-22 | 6.8 | Medium | 2022-02-09 |
| CVE-2022-23619 | Information exposure in xwiki-platform | CWE-200 | 5.3 | Medium | 2022-02-09 |
| CVE-2022-23618 | Open Redirect in xwiki-platform | CWE-601 | 4.7 | Medium | 2022-02-09 |
| CVE-2022-23617 | Missing authorization in xwiki-platform | CWE-862 | 6.5 | Medium | 2022-02-09 |
| CVE-2022-23616 | Remote code execution in xwiki-platform | CWE-74 | 8.8 | High | 2022-02-09 |
| CVE-2022-23615 | Partial authorization bypass on document save in xwiki-platform | CWE-863 | 5.4 | Medium | 2022-02-09 |
| CVE-2021-43841 | XSS by SVG upload in xwiki-platform | CWE-79 | 5.4 | Medium | 2022-02-04 |
| CVE-2021-32732 | Cross-Site Request Forgery in xwiki-platform | CWE-352 | 7.5 | High | 2022-02-04 |
| CVE-2021-32731 | The reset password form reveal users email address | CWE-200 | 5.3 | Medium | 2021-07-01 |
| CVE-2021-32730 | No CSRF protection on the password change form | CWE-352 | 5.7 | Medium | 2021-07-01 |
| CVE-2021-32729 | A user without PR can reset user authentication failures information | CWE-693 | 2.0 | Low | 2021-07-01 |
| CVE-2021-32620 | Users registered with email verification can self re-activate their disabled accounts | CWE-285 | 8.8 | High | 2021-05-28 |
| CVE-2021-32621 | Script injection without script or programming rights through Gadget titles | CWE-94 | 8.8 | High | 2021-05-28 |
| CVE-2021-29459 | XSS Cross Site Scripting | CWE-79 | 9.6 | Critical | 2021-04-20 |
| CVE-2021-21380 | Rating Script Service expose XWiki to SQL injection | CWE-89 | 7.7 | High | 2021-03-23 |
| CVE-2021-21379 | It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro | CWE-281 | 7.7 | High | 2021-03-12 |
| CVE-2020-15252 | RCE in XWiki | CWE-94 | 8.5 | High | 2020-10-16 |
| CVE-2020-15171 | Users with SCRIPT rights can execute arbitrary code in XWiki | CWE-94 | 6.6 | Medium | 2020-09-10 |

All 228 known CVE vulnerabilities affecting xwiki-platform with full Chinese analysis, references, and POCs where available.