
xwiki-contrib — Vulnerabilities & Security Advisories (17)

Browse all 17 CVE security advisories affecting xwiki-contrib. AI-powered Chinese analysis, POCs, and references for each vulnerability.

XWiki-contrib is an extension platform for XWiki, enabling custom functionality and integrations. Historically, it has been associated with 17 CVEs, primarily involving remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from improper input validation, insecure deserialization, and insufficient access controls. Notable security characteristics include its extensive plugin ecosystem, which introduces potential attack surfaces through third-party components. While no major public incidents have been widely documented, the consistent vulnerability pattern suggests rigorous security testing and prompt patching are essential for safe deployment. Organizations should prioritize regular updates and implement least-privilege configurations to mitigate risks.

| CVE ID | Title | Component | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-42140 | Server-Side Request Forgery (SSRF) in PlantUML Macro via 'server' parameter | macro-plantuml | CWE-918 | 4.4 | Medium | 2026-05-04 |
| CVE-2025-66024 | XWiki Blog Application home page vulnerable to Stored XSS via Post Title | application-blog-ui | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-04 |
| CVE-2025-65091 | XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService | macro-fullcalendar | CWE-89 | 10.0 | Critical | 2026-01-10 |
| CVE-2025-65090 | XWiki Full Calendar Macro vulnerable to data leak through Calendar.JSONService | macro-fullcalendar | CWE-200 | 5.3 | Medium | 2026-01-10 |
| CVE-2025-49594 | XWiki OIDC Authenticator vulnerable to creation of token for any user with just `view` right | oidc | CWE-285 | 8.8 (AI) | High (AI) | 2025-10-06 |
| CVE-2025-58365 | XWiki Blog Application: Privilege Escalation (PR) from account through blog content | application-blog | CWE-95 | 8.8 (AI) | High (AI) | 2025-09-08 |
| CVE-2025-52132 | XWiki Contrib Mocca Calendar Application cross-site scripting vulnerability | Mocca Calendar | CWE-79 | 6.4 | Medium | 2025-08-03 |
| CVE-2025-52133 | XWiki Contrib Mocca Calendar Application cross-site scripting vulnerability | Mocca Calendar | CWE-79 | 6.4 | Medium | 2025-08-03 |
| CVE-2025-52131 | XWiki Contrib Mocca Calendar Application cross-site scripting vulnerability | Mocca Calendar | CWE-79 | 6.4 | Medium | 2025-08-03 |
| CVE-2025-46558 | org.xwiki.contrib.markdown:syntax-markdown-commonmark12 vulnerable to XSS via Markdown content | syntax-markdown | CWE-79 | 9.1 | Critical | 2025-04-30 |
| CVE-2025-31487 | The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server | jira | CWE-611 | 7.7 | High | 2025-04-03 |
| CVE-2023-49280 | Data leak of password hash through xwiki change request | application-changerequest | CWE-522 | 7.7 | High | 2023-12-04 |
| CVE-2023-48293 | XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries | application-admintools | CWE-352 | 8.8 | High | 2023-11-20 |
| CVE-2023-48292 | XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks | application-admintools | CWE-352 | 9.7 | Critical | 2023-11-20 |
| CVE-2023-45138 | Change Request Application vulnerable to XSS and remote code execution through change request title | application-changerequest | CWE-79 | 10.0 | Critical | 2023-10-12 |
| CVE-2023-22457 | org.xwiki.contrib:application-ckeditor-ui vulnerable to Remote Code Execution via Cross-Site Request Forgery | application-ckeditor | CWE-352 | 9.1 | Critical | 2023-01-04 |
| CVE-2022-39387 | XWiki OIDC Authenticator vulnerable to OpenID login bypass due to improper authentication | oidc | CWE-287 | 9.1 | Critical | 2022-11-04 |

Scores and severities marked (AI) carried an "AI" tag in the original listing, indicating an AI-estimated rather than vendor-assigned value.

This page lists every published CVE security advisory associated with xwiki-contrib. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.