
xwiki vendor vulnerability list / CVE analysis in Chinese: 243

243 CVE vulnerabilities related to the vendor xwiki, with AI-generated Chinese analysis, POC, CVSS scores and affected products.

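XWiki is a Java-based, enterprise-grade open-source wiki platform used mainly to build knowledge bases and collaboration systems. Its historical vulnerabilities are concentrated in remote code execution, cross-site scripting and unauthorized access, and some stem from input validation flaws in plugins or API components. Although the project keeps strengthening its security mechanisms, the cumulative 243 CVE records show that its attack surface is fairly broad. Users should update promptly and strictly review custom extensions to guard against known risks and keep enterprise data exchanges secure.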

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-37899 | Disabling a user account changes its author, allowing RCE from user account in XWiki | xwiki-platform | CWE-94 | 9.1 | Critical | 2024-06-20 |
| CVE-2024-31997 | XWiki Platform remote code execution from account through UIExtension parameters | xwiki-platform | CWE-862 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31996 | XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution | xwiki-commons | CWE-95 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31988 | XWiki Platform CSRF remote code execution through the realtime HTML Converter API | xwiki-platform | CWE-352 | 9.7 | Critical | 2024-04-10 |
| CVE-2024-31987 | XWiki Platform remote code execution from account via custom skins support | xwiki-platform | CWE-862 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31986 | XWiki Platform CSRF remote code execution through scheduler job's document reference | xwiki-platform | CWE-352 | 9.1 | Critical | 2024-04-10 |
| CVE-2024-31985 | XWiki Platform CSRF in the job scheduler | xwiki-platform | CWE-352 | 5.4 | Medium | 2024-04-10 |
| CVE-2024-31984 | XWiki Platform: Remote code execution through space title and Solr space facet | xwiki-platform | CWE-95 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31983 | XWiki Platform: Remote code execution from edit in multilingual wikis via translations | xwiki-platform | CWE-862 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31982 | XWiki Platform: Remote code execution as guest via DatabaseSearch | xwiki-platform | CWE-95 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31981 | XWiki Platform: Privilege escalation (PR) from user registration through PDFClass | xwiki-platform | CWE-862 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31465 | XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet | xwiki-platform | CWE-95 | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31464 | XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted | xwiki-platform | CWE-200 | 6.8 | Medium | 2024-04-10 |
| CVE-2024-21648 | XWiki has no right protection on rollback action | xwiki-platform | CWE-274 | 8.0 | High | 2024-01-08 |
| CVE-2024-21651 | XWiki Denial of Service attack through attachments | xwiki-platform | CWE-400 | 7.5 | High | 2024-01-08 |
| CVE-2024-21650 | XWiki Remote Code Execution vulnerability via user registration | xwiki-platform | CWE-95 | 10.0 | Critical | 2024-01-08 |
| CVE-2023-50732 | Velocity execution without script right through tree macro | xwiki-platform | CWE-863 | 8.3 | High | 2023-12-21 |
| CVE-2023-50723 | XWiki Platform remote code execution/programming rights with configuration section from any user account | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-12-15 |
| CVE-2023-50722 | XWiki Platform XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass | xwiki-platform | CWE-79 | 9.7 | Critical | 2023-12-15 |
| CVE-2023-50721 | XWiki Platform RCE from account through SearchAdmin | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-12-15 |
| CVE-2023-50719 | XWiki Platform Solr search discloses password hashes of all users | xwiki-platform | CWE-359 | 7.5 | High | 2023-12-15 |
| CVE-2023-50720 | XWiki Platform Solr search discloses email addresses of users | xwiki-platform | CWE-200 | 5.3 | Medium | 2023-12-15 |
| CVE-2023-48241 | XWiki exposed whole content of all documents of all wikis to anybody with view right on Solr suggest service | xwiki-platform | CWE-285 | 7.5 | High | 2023-11-20 |
| CVE-2023-48240 | XWiki Platform sends cookies to external images in rendered diff and is vulnerable to server side request forgery | xwiki-platform | CWE-201 | 9.1 | Critical | 2023-11-20 |
| CVE-2023-46243 | Code execution via the edit action in XWiki platform | xwiki-platform | CWE-94 | 10.0 | Critical | 2023-11-07 |
| CVE-2023-46242 | Code injection in XWiki Platform | xwiki-platform | CWE-94 | 9.7 | Critical | 2023-11-07 |
| CVE-2023-46244 | Privilege escalation in Xwiki platform | xwiki-platform | CWE-863 | 9.1 | Critical | 2023-11-07 |
| CVE-2023-46731 | Remote code execution through the section parameter in Administration as guest in XWiki Platform | xwiki-platform | CWE-94 | 10.0 | Critical | 2023-11-06 |
| CVE-2023-46732 | Reflected Cross-site scripting through revision parameter in content menu in XWiki Platform | xwiki-platform | CWE-79 | 9.7 | Critical | 2023-11-06 |
| CVE-2023-45137 | XWiki Platform XSS with edit right in the create document form for existing pages | xwiki-platform | CWE-79 | 9.1 | Critical | 2023-10-25 |

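This page collects all 243 CVE vulnerabilities published to date for the vendor xwiki. Each entry includes a CVSS score, CWE weakness classification, affected products and reference links, along with an AI-generated Chinese analysis for quick risk assessment.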