
xwiki — Vulnerabilities & Security Advisories (243)

Browse all 243 CVE security advisories affecting xwiki. AI-powered Chinese analysis, POCs, and references for each vulnerability.

XWiki is an open-source enterprise wiki platform that organizations use to create, manage, and share collaborative documentation and knowledge bases. Its Java-based architecture and support for complex extensions have historically exposed it to a wide range of security flaws, resulting in 243 recorded Common Vulnerabilities and Exposures. The most prevalent issues are Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation, often stemming from improper input validation or insecure default configurations. Notable incidents have included attackers exploiting unpatched RCE flaws to gain full system control, highlighting the risks of its extensive plugin ecosystem. While the project maintains an active security response team, the sheer volume of disclosed defects underscores the difficulty of securing a feature-rich, Java-based application. Continuous patching and strict access controls remain essential to mitigate these persistent threats in production environments.

| CVE ID | Title | Package | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-37899 | Disabling a user account changes its author, allowing RCE from user account in XWiki | xwiki-platform | CWE-94 | 9.1 | Critical | 2024-06-20 |
| CVE-2024-31997 | XWiki Platform remote code execution from account through UIExtension parameters | xwiki-platform | CWE-862 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31996 | XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution | xwiki-commons | CWE-95 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31988 | XWiki Platform CSRF remote code execution through the realtime HTML Converter API | xwiki-platform | CWE-352 | 9.7 | Critical | 2024-04-10 |
| CVE-2024-31987 | XWiki Platform remote code execution from account via custom skins support | xwiki-platform | CWE-862 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31986 | XWiki Platform CSRF remote code execution through scheduler job's document reference | xwiki-platform | CWE-352 | 9.1 | Critical | 2024-04-10 |
| CVE-2024-31985 | XWiki Platform CSRF in the job scheduler | xwiki-platform | CWE-352 | 5.4 | Medium | 2024-04-10 |
| CVE-2024-31984 | XWiki Platform: Remote code execution through space title and Solr space facet | xwiki-platform | CWE-95 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31983 | XWiki Platform: Remote code execution from edit in multilingual wikis via translations | xwiki-platform | CWE-862 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31982 | XWiki Platform: Remote code execution as guest via DatabaseSearch | xwiki-platform | CWE-95 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31981 | XWiki Platform: Privilege escalation (PR) from user registration through PDFClass | xwiki-platform | CWE-862 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31465 | XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet | xwiki-platform | CWE-95 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31464 | XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted | xwiki-platform | CWE-200 | 6.8 | Medium | 2024-04-10 |
| CVE-2024-21648 | XWiki has no right protection on rollback action | xwiki-platform | CWE-274 | 8.0 | High | 2024-01-08 |
| CVE-2024-21651 | XWiki Denial of Service attack through attachments | xwiki-platform | CWE-400 | 7.5 | High | 2024-01-08 |
| CVE-2024-21650 | XWiki Remote Code Execution vulnerability via user registration | xwiki-platform | CWE-95 | 10.0 | Critical | 2024-01-08 |
| CVE-2023-50732 | Velocity execution without script right through tree macro | xwiki-platform | CWE-863 | 8.3 | High | 2023-12-21 |
| CVE-2023-50723 | XWiki Platform remote code execution/programming rights with configuration section from any user account | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-12-15 |
| CVE-2023-50722 | XWiki Platform XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass | xwiki-platform | CWE-79 | 9.7 | Critical | 2023-12-15 |
| CVE-2023-50721 | XWiki Platform RCE from account through SearchAdmin | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-12-15 |
| CVE-2023-50719 | XWiki Platform Solr search discloses password hashes of all users | xwiki-platform | CWE-359 | 7.5 | High | 2023-12-15 |
| CVE-2023-50720 | XWiki Platform Solr search discloses email addresses of users | xwiki-platform | CWE-200 | 5.3 | Medium | 2023-12-15 |
| CVE-2023-48241 | XWiki exposed whole content of all documents of all wikis to anybody with view right on Solr suggest service | xwiki-platform | CWE-285 | 7.5 | High | 2023-11-20 |
| CVE-2023-48240 | XWiki Platform sends cookies to external images in rendered diff and is vulnerable to server side request forgery | xwiki-platform | CWE-201 | 9.1 | Critical | 2023-11-20 |
| CVE-2023-46243 | Code execution via the edit action in XWiki platform | xwiki-platform | CWE-94 | 10.0 | Critical | 2023-11-07 |
| CVE-2023-46242 | Code injection in XWiki Platform | xwiki-platform | CWE-94 | 9.7 | Critical | 2023-11-07 |
| CVE-2023-46244 | Privilege escalation in Xwiki platform | xwiki-platform | CWE-863 | 9.1 | Critical | 2023-11-07 |
| CVE-2023-46731 | Remote code execution through the section parameter in Administration as guest in XWiki Platform | xwiki-platform | CWE-94 | 10.0 | Critical | 2023-11-06 |
| CVE-2023-46732 | Reflected Cross-site scripting through revision parameter in content menu in XWiki Platform | xwiki-platform | CWE-79 | 9.7 | Critical | 2023-11-06 |
| CVE-2023-45137 | XWiki Platform XSS with edit right in the create document form for existing pages | xwiki-platform | CWE-79 | 9.1 | Critical | 2023-10-25 |

This page lists every published CVE security advisory associated with xwiki. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.