xwiki — Vulnerabilities & Security Advisories (243)

Browse all 243 CVE security advisories affecting xwiki. AI-powered Chinese analysis, POCs, and references for each vulnerability.

XWiki serves as an open-source enterprise wiki platform, enabling organizations to create, manage, and share collaborative documentation and knowledge bases. Its architecture, built on Java and supporting complex extensions, has historically exposed it to a wide array of security flaws, resulting in 243 recorded Common Vulnerabilities and Exposures. The most prevalent issues involve Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation vulnerabilities, often stemming from improper input validation or insecure default configurations. Notable incidents have included attackers exploiting unpatched RCE flaws to gain full system control, highlighting the risks associated with its extensive plugin ecosystem. While the project maintains an active security response team, the sheer volume of disclosed defects underscores the complexity of securing a feature-rich, Java-based application. Continuous patching and strict access controls remain essential for mitigating these persistent threats in production environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-34464 | XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template | xwiki-platform | CWE-79 | 9.1 | Critical | 2023-06-23 |
| CVE-2023-35166 | Privilege escalation (PR) from account through TipsPanel | xwiki-platform | CWE-863 | 10.0 | Critical | 2023-06-20 |
| CVE-2023-32068 | URL Redirection to Untrusted Site in XWiki | xwiki-platform | CWE-601 | 4.7 | Medium | 2023-05-15 |
| CVE-2023-32071 | XWiki Platform vulnerable to RXSS via editor parameter - importinline template | xwiki-platform | CWE-116 | 9.1 | Critical | 2023-05-09 |
| CVE-2023-32069 | XWiki Platform privilege escalation (PR)/RCE from account through class sheet | xwiki-platform | CWE-863 | 10.0 | Critical | 2023-05-09 |
| CVE-2023-29517 | Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer | xwiki-platform | CWE-200 | 7.5 | High | 2023-04-18 |
| CVE-2023-29516 | Code injection from view right on XWiki.AttachmentSelector in xwiki-platform | xwiki-platform | CWE-74 | 9.9 | Critical | 2023-04-18 |
| CVE-2023-29515 | Cross-site scripting (XSS) in xwiki-platform | xwiki-platform | CWE-79 | 7.7 | High | 2023-04-18 |
| CVE-2023-29514 | Code injection in template provider administration in xwiki-platform | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29513 | Users can be created even when registration is disabled without validation via the template macro in xwiki-platform | xwiki-platform | CWE-284 | 5.0 | Medium | 2023-04-18 |
| CVE-2023-29512 | Code injection in xwiki-platform-web-templates | xwiki-platform | CWE-74 | 9.9 | Critical | 2023-04-18 |
| CVE-2023-29510 | Code injection via unescaped translations in xwiki-platform | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29522 | Code injection from view right on XWiki.ClassSheet in xwiki-platform | xwiki-platform | CWE-74 | 9.9 | Critical | 2023-04-18 |
| CVE-2023-29521 | Code injection from account/view through VFS Tree macro in xwiki-platform | xwiki-platform | CWE-74 | 8.4 | High | 2023-04-18 |
| CVE-2023-29520 | Page render failure due to broken translations in xwiki-platform | xwiki-platform | CWE-248 | 4.3 | Medium | 2023-04-18 |
| CVE-2023-29519 | Code injection in org.xwiki.platform:xwiki-platform-attachment-ui | xwiki-platform | CWE-74 | 9.1 | Critical | 2023-04-18 |
| CVE-2023-29518 | Code injection from view right using Invitation.InvitationCommon in xwiki-platform | xwiki-platform | CWE-74 | 9.9 | Critical | 2023-04-18 |
| CVE-2023-29523 | Code injection in display method used in user profiles in xwiki-platform | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29524 | Code injection from account through XWiki.SchedulerJobSheet in xwiki-platform | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29525 | Privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration in xwiki-platform | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29526 | Async and display macro allow displaying and interacting with any document in restricted mode | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29527 | Code injection from account through AWM view sheet in xwiki platform | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29213 | org.xwiki.platform:xwiki-platform-logging-ui Injection vulnerability | xwiki-platform | CWE-74 | 9.1 | Critical | 2023-04-17 |
| CVE-2023-29511 | xwiki-platform-administration-ui vulnerable to privilege escalation | xwiki-platform | CWE-95 | 9.9 | Critical | 2023-04-16 |
| CVE-2023-30537 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation | xwiki-platform | CWE-95 | 9.9 | Critical | 2023-04-16 |
| CVE-2023-29509 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-04-16 |
| CVE-2023-29508 | org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Cross-site Scripting | xwiki-platform | CWE-80 | 8.9 | High | 2023-04-16 |
| CVE-2023-29507 | org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors | xwiki-platform | CWE-648 | 9.1 | Critical | 2023-04-16 |
| CVE-2023-29506 | org.xwiki.platform:xwiki-platform-security-authentication-default XSS with authenticated endpoints | xwiki-platform | CWE-79 | 5.4 | Medium | 2023-04-16 |
| CVE-2023-29214 | org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-04-16 |

This page lists every published CVE security advisory associated with xwiki. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.