xwiki — Vulnerabilities & Security Advisories 245

Browse all 245 CVE security advisories affecting xwiki. AI-powered Chinese analysis, POCs, and references for each vulnerability.

XWiki serves as an open-source enterprise wiki platform, enabling organizations to create, manage, and share collaborative documentation and knowledge bases. Its architecture, built on Java and supporting complex extensions, has historically exposed it to a wide array of security flaws, resulting in 243 recorded Common Vulnerabilities and Exposures. The most prevalent issues involve Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation vulnerabilities, often stemming from improper input validation or insecure default configurations. Notable incidents have included attackers exploiting unpatched RCE flaws to gain full system control, highlighting the risks associated with its extensive plugin ecosystem. While the project maintains an active security response team, the sheer volume of disclosed defects underscores the complexity of securing a feature-rich, Java-based application. Continuous patching and strict access controls remain essential for mitigating these persistent threats in production environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-23620 | Path traversal in xwiki-platform-skin-skinx | xwiki-platform | CWE-22 | 6.8 | Medium | 2022-02-09 |
| CVE-2022-23619 | Information exposure in xwiki-platform | xwiki-platform | CWE-200 | 5.3 | Medium | 2022-02-09 |
| CVE-2022-23618 | Open Redirect in xwiki-platform | xwiki-platform | CWE-601 | 4.7 | Medium | 2022-02-09 |
| CVE-2022-23617 | Missing authorization in xwiki-platform | xwiki-platform | CWE-862 | 6.5 | Medium | 2022-02-09 |
| CVE-2022-23616 | Remote code execution in xwiki-platform | xwiki-platform | CWE-74 | 8.8 | High | 2022-02-09 |
| CVE-2022-23615 | Partial authorization bypass on document save in xwiki-platform | xwiki-platform | CWE-863 | 5.4 | Medium | 2022-02-09 |
| CVE-2021-43841 | XSS by SVG upload in xwiki-platform | xwiki-platform | CWE-79 | 5.4 | Medium | 2022-02-04 |
| CVE-2021-32732 | Cross-Site Request Forgery in xwiki-platform | xwiki-platform | CWE-352 | 7.5 | High | 2022-02-04 |
| CVE-2021-32731 | The reset password form reveal users email address | xwiki-platform | CWE-200 | 5.3 | Medium | 2021-07-01 |
| CVE-2021-32730 | No CSRF protection on the password change form | xwiki-platform | CWE-352 | 5.7 | Medium | 2021-07-01 |
| CVE-2021-32729 | A user without PR can reset user authentication failures information | xwiki-platform | CWE-693 | 2.0 | Low | 2021-07-01 |
| CVE-2021-32620 | Users registered with email verification can self re-activate their disabled accounts | xwiki-platform | CWE-285 | 8.8 | High | 2021-05-28 |
| CVE-2021-32621 | Script injection without script or programming rights through Gadget titles | xwiki-platform | CWE-94 | 8.8 | High | 2021-05-28 |
| CVE-2021-29459 | XSS Cross Site Scripting | xwiki-platform | CWE-79 | 9.6 | Critical | 2021-04-20 |
| CVE-2021-21380 | Rating Script Service expose XWiki to SQL injection | xwiki-platform | CWE-89 | 7.7 | High | 2021-03-23 |
| CVE-2021-21379 | It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro | xwiki-platform | CWE-281 | 7.7 | High | 2021-03-12 |
| CVE-2020-15252 | RCE in XWiki | xwiki-platform | CWE-94 | 8.5 | High | 2020-10-16 |
| CVE-2020-15171 | Users with SCRIPT rights can execute arbitrary code in XWiki | xwiki-platform | CWE-94 | 6.6 | Medium | 2020-09-10 |

This page lists every published CVE security advisory associated with xwiki. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.