
xwiki — Vulnerabilities & Security Advisories (243)

Browse all 243 CVE security advisories affecting xwiki. AI-powered Chinese analysis, POCs, and references for each vulnerability.

XWiki is an open-source, Java-based enterprise wiki used to create, manage and share collaborative documentation and knowledge bases. Two design traits drive most of its 243 recorded CVEs: wiki pages can embed scripts (Velocity, Groovy) that are evaluated with the rights of the page's author, and the platform ships many bundled applications (Invitation, Menu, Notifications, icon themes, LiveTable) that render user-supplied content. The most common classes in the list are code injection leading to remote code execution or escalation to programming rights (PR) from an ordinary account (CWE-94/95), cross-site scripting, much of it reflected through redirect parameters such as xredirect and xcontinue in core templates (CWE-79/80/87), CSRF (CWE-352), and missing authorization checks (CWE-862). Many of the RCE entries are rated Critical because they are reachable from a low-privilege account rather than from an administrator. The project runs an active security response process and publishes one advisory per issue. When triaging, patch the code-injection and CSRF-to-RCE entries first, and note CVE-2023-36468, which records that upgrading alone does not neutralize vulnerable documents already stored in the wiki. Restricting script and programming rights to trusted accounts limits the blast radius of the injection class.

227 of 243 advisories match the current filter; the 30 most recently published are listed below.

| CVE ID | Title | Project | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-37910 | org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move | xwiki-platform | CWE-862 | 8.1 | High | 2023-10-25 |
| CVE-2023-37909 | Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-10-25 |
| CVE-2023-41046 | Velocity execution without script rights in Xwiki platform | xwiki-platform | CWE-862 | 6.3 | Medium | 2023-09-01 |
| CVE-2023-40573 | XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution | xwiki-platform | CWE-284 | 9.1 | Critical | 2023-08-24 |
| CVE-2023-40572 | XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action | xwiki-platform | CWE-352 | 9.1 | Critical | 2023-08-24 |
| CVE-2023-40177 | XWiki Platform privilege escalation (PR) from account through AWM content fields | xwiki-platform | CWE-95 | 9.9 | Critical | 2023-08-23 |
| CVE-2023-40176 | SXSS in the user profile via the timezone displayer | xwiki-platform | CWE-79 | 9.1 | Critical | 2023-08-23 |
| CVE-2023-37914 | Privilege escalation (PR)/RCE from account through Invitation subject/message | xwiki-platform | CWE-94 | 9.9 | Critical | 2023-08-17 |
| CVE-2023-38509 | XWiki Platform's obfuscated email addresses should not be sorted | xwiki-platform | CWE-402 | 4.3 | Medium | 2023-07-27 |
| CVE-2023-37462 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-skin-ui | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-07-14 |
| CVE-2023-37277 | XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API | xwiki-platform | CWE-352 | 9.7 | Critical | 2023-07-10 |
| CVE-2023-36477 | Persistent Cross-site Scripting (XSS) through CKEditor Configuration pages in XWiki Platform | xwiki-platform | CWE-79 | 9.1 | Critical | 2023-06-30 |
| CVE-2023-36468 | Upgrading doesn't prevent exploiting vulnerable XWiki documents | xwiki-platform | CWE-459 | 10.0 | Critical | 2023-06-29 |
| CVE-2023-36469 | Code injection through NotificationRSSService in XWiki Platform | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-06-29 |
| CVE-2023-36470 | Code injection in icon themes of XWiki Platform | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-06-29 |
| CVE-2023-35162 | XPlatform Wiki vulnerable to cross-site scripting via xcontinue parameter in preview actions template | xwiki-platform | CWE-79 | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35161 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page | xwiki-platform | CWE-87 | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35160 | XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template | xwiki-platform | CWE-87 | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35159 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template | xwiki-platform | CWE-87 | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35158 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template | xwiki-platform | CWE-87 | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35157 | XWiki Platform vulnerable to reflected cross-site scripting via delattachment action | xwiki-platform | CWE-80 | 8.5 | High | 2023-06-23 |
| CVE-2023-35156 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template | xwiki-platform | CWE-87 | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35155 | XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email | xwiki-platform | CWE-79 | 8.8 | High | 2023-06-23 |
| CVE-2023-35153 | XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters | xwiki-platform | CWE-79 | 9.1 | Critical | 2023-06-23 |
| CVE-2023-35152 | XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-06-23 |
| CVE-2023-35151 | XWiki Platform may show email addresses in clear in REST results | xwiki-platform | CWE-359 | 7.5 | High | 2023-06-23 |
| CVE-2023-35150 | XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application | xwiki-platform | CWE-95 | 9.9 | Critical | 2023-06-23 |
| CVE-2023-34467 | XWiki Platform may retrieve email addresses of all users | xwiki-platform | CWE-402 | 7.5 | High | 2023-06-23 |
| CVE-2023-34466 | XWiki Platform's tags on non-viewable pages can be revealed to users | xwiki-platform | CWE-200 | 4.3 | Medium | 2023-06-23 |
| CVE-2023-34465 | XWiki Platform's Mail.MailConfig can be edited by any user with edit rights | xwiki-platform | CWE-269 | 10.0 | Critical | 2023-06-23 |
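The listing is extracted as one flat line per advisory, with the project name running straight into the CWE id and the severity into the publication date, which makes it awkward to feed into a patch queue by hand. The script below is an added example, not code from the listing site or from the XWiki project: it parses that flat row format into structured records, tags the script/code-injection class that dominates XWiki's RCE advisories, and orders the result for triage. The six sample rows are copied from the table above; the keyword list used to recognise the injection class is an assumed heuristic, with CWE-94/95 as the formal equivalents.

```python
"""Parse flat-text XWiki advisory rows and rank them for patch triage.

Added example: input format is "<CVE> <title> — <project><CWE> <cvss> <severity><date>",
the flat shape in which the advisory table above is extracted.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: six rows copied verbatim from the listing above.
SAMPLE_ROWS = """\
CVE-2023-37910 org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move — xwiki-platformCWE-862 8.1 High2023-10-25
CVE-2023-37909 Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet — xwiki-platformCWE-95 10.0 Critical2023-10-25
CVE-2023-41046 Velocity execution without script rights in Xwiki platform — xwiki-platformCWE-862 6.3 Medium2023-09-01
CVE-2023-40572 XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action — xwiki-platformCWE-352 9.1 Critical2023-08-24
CVE-2023-38509 XWiki Platform's obfuscated email addresses should not be sorted — xwiki-platformCWE-402 4.3 Medium2023-07-27
CVE-2023-35162 XPlatform Wiki vulnerable to cross-site scripting via xcontinue parameter in preview actions template — xwiki-platformCWE-79 9.7 Critical2023-06-23
"""

# Project runs into the CWE id and severity into the date, so the fields are
# split on their fixed shapes (CWE-nnn, n.n, Critical|High|Medium|Low, ISO date)
# rather than on whitespace.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,}) "
    r"(?P<title>.+?) — "
    r"(?P<project>\S+?)"
    r"(?P<cwe>CWE-\d+) "
    r"(?P<cvss>\d{1,2}\.\d) "
    r"(?P<severity>Critical|High|Medium|Low)"
    r"(?P<published>\d{4}-\d{2}-\d{2})$"
)

# Assumed triage heuristic: titles with these words, or CWE-94/95, belong to the
# script/code-injection (RCE) class that is typical of XWiki advisories.
INJECTION_WORDS = re.compile(
    r"\b(RCE|remote code execution|code injection|eval injection|Velocity|Groovy)\b",
    re.IGNORECASE,
)
INJECTION_CWES = {"CWE-94", "CWE-95"}


@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    project: str
    cwe: str
    cvss: float
    severity: str
    published: str


def parse_row(line: str) -> Advisory:
    """Turn one flat row into an Advisory; reject anything that does not fit."""
    m = ROW_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unparseable advisory row: {line!r}")
    f = m.groupdict()
    return Advisory(f["cve"], f["title"], f["project"], f["cwe"],
                    float(f["cvss"]), f["severity"], f["published"])


def is_valid_row(line: str) -> bool:
    """Convenience check used to spot extraction damage before bulk parsing."""
    try:
        parse_row(line)
        return True
    except ValueError:
        return False


def parse_rows(text: str) -> list[Advisory]:
    """Parse every non-blank line of a listing."""
    return [parse_row(ln) for ln in text.splitlines() if ln.strip()]


def is_script_injection(adv: Advisory) -> bool:
    """True when the advisory falls in the RCE / script-evaluation class."""
    return adv.cwe in INJECTION_CWES or INJECTION_WORDS.search(adv.title) is not None


def triage(advs: list[Advisory]) -> list[Advisory]:
    """Patch order: highest CVSS first, injection class first among ties, then newest."""
    def key(a: Advisory):
        date_int = int(a.published.replace("-", ""))  # ISO date sorts as an integer
        return (-a.cvss, not is_script_injection(a), -date_int)
    return sorted(advs, key=key)


def cwe_histogram(advs: list[Advisory]) -> Counter:
    """How many advisories fall under each CWE; useful for spotting recurring root causes."""
    return Counter(a.cwe for a in advs)


if __name__ == "__main__":
    queue = triage(parse_rows(SAMPLE_ROWS))
    for a in queue:
        flag = "INJECTION" if is_script_injection(a) else "         "
        print(f"{a.cvss:4.1f} {a.severity:8} {flag} {a.cve} {a.cwe} {a.title}")
    print(cwe_histogram(queue).most_common(3))
```

Run against the full listing rather than the sample, the histogram makes the pattern in the intro visible (CWE-79/87 reflected XSS through redirect parameters and CWE-94/95 script injection dominate), and `is_valid_row` flags rows that extraction has split or merged so they can be fixed before they silently drop out of the patch queue.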

This page lists every published CVE security advisory associated with xwiki. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.