xwiki — Vulnerabilities & Security Advisories 243

Browse all 243 CVE security advisories affecting xwiki. AI-powered Chinese analysis, POCs, and references for each vulnerability.

XWiki serves as an open-source enterprise wiki platform, enabling organizations to create, manage, and share collaborative documentation and knowledge bases. Its architecture, built on Java and supporting complex extensions, has historically exposed it to a wide array of security flaws, resulting in 243 recorded Common Vulnerabilities and Exposures. The most prevalent issues involve Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation vulnerabilities, often stemming from improper input validation or insecure default configurations. Notable incidents have included attackers exploiting unpatched RCE flaws to gain full system control, highlighting the risks associated with its extensive plugin ecosystem. While the project maintains an active security response team, the sheer volume of disclosed defects underscores the complexity of securing a feature-rich, Java-based application. Continuous patching and strict access controls remain essential for mitigating these persistent threats in production environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-35155 | XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email | xwiki-platform | CWE-79 | 8.8 | High | 2023-06-23 |
| CVE-2023-35153 | XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters | xwiki-platform | CWE-79 | 9.1 | Critical | 2023-06-23 |
| CVE-2023-35152 | XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-06-23 |
| CVE-2023-35151 | XWiki Platform may show email addresses in clear in REST results | xwiki-platform | CWE-359 | 7.5 | High | 2023-06-23 |
| CVE-2023-35150 | XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application | xwiki-platform | CWE-95 | 9.9 | Critical | 2023-06-23 |
| CVE-2023-34467 | XWiki Platform may retrieve email addresses of all users | xwiki-platform | CWE-402 | 7.5 | High | 2023-06-23 |
| CVE-2023-34466 | XWiki Platform's tags on non-viewable pages can be revealed to users | xwiki-platform | CWE-200 | 4.3 | Medium | 2023-06-23 |
| CVE-2023-34465 | XWiki Platform's Mail.MailConfig can be edited by any user with edit rights | xwiki-platform | CWE-269 | 10.0 | Critical | 2023-06-23 |
| CVE-2023-34464 | XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template | xwiki-platform | CWE-79 | 9.1 | Critical | 2023-06-23 |
| CVE-2023-35166 | Privilege escalation (PR) from account through TipsPanel | xwiki-platform | CWE-863 | 10.0 | Critical | 2023-06-20 |
| CVE-2023-32068 | URL Redirection to Untrusted Site in XWiki | xwiki-platform | CWE-601 | 4.7 | Medium | 2023-05-15 |
| CVE-2023-32070 | Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers | xwiki-rendering | CWE-83 | 9.1 | Critical | 2023-05-10 |
| CVE-2023-32071 | XWiki Platform vulnerable to RXSS via editor parameter - importinline template | xwiki-platform | CWE-116 | 9.1 | Critical | 2023-05-09 |
| CVE-2023-32069 | XWiki Platform privilege escalation (PR)/RCE from account through class sheet | xwiki-platform | CWE-863 | 10.0 | Critical | 2023-05-09 |
| CVE-2023-31126 | Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml | xwiki-commons | CWE-86 | 9.1 | Critical | 2023-05-09 |
| CVE-2023-29528 | Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml | xwiki-commons | CWE-79 | 9.1 | Critical | 2023-04-20 |
| CVE-2023-29517 | Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer | xwiki-platform | CWE-200 | 7.5 | High | 2023-04-18 |
| CVE-2023-29516 | Code injection from view right on XWiki.AttachmentSelector in xwiki-platform | xwiki-platform | CWE-74 | 9.9 | Critical | 2023-04-18 |
| CVE-2023-29515 | Cross-site scripting (XSS) in xwiki-platform | xwiki-platform | CWE-79 | 7.7 | High | 2023-04-18 |
| CVE-2023-29514 | Code injection in template provider administration in xwiki-platform | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29513 | Users can be created even when registration is disabled without validation via the template macro in xwiki-platform | xwiki-platform | CWE-284 | 5.0 | Medium | 2023-04-18 |
| CVE-2023-29512 | Code injection in xwiki-platform-web-templates | xwiki-platform | CWE-74 | 9.9 | Critical | 2023-04-18 |
| CVE-2023-29510 | Code injection via unescaped translations in xwiki-platform | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29522 | Code injection from view right on XWiki.ClassSheet in xwiki-platform | xwiki-platform | CWE-74 | 9.9 | Critical | 2023-04-18 |
| CVE-2023-29521 | Code injection from account/view through VFS Tree macro in xwiki-platform | xwiki-platform | CWE-74 | 8.4 | High | 2023-04-18 |
| CVE-2023-29520 | Page render failure due to broken translations in xwiki-platform | xwiki-platform | CWE-248 | 4.3 | Medium | 2023-04-18 |
| CVE-2023-29519 | Code injection in org.xwiki.platform:xwiki-platform-attachment-ui | xwiki-platform | CWE-74 | 9.1 | Critical | 2023-04-18 |
| CVE-2023-29518 | Code injection from view right using Invitation.InvitationCommon in xwiki-platform | xwiki-platform | CWE-74 | 9.9 | Critical | 2023-04-18 |
| CVE-2023-29523 | Code injection in display method used in user profiles in xwiki-platform | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29524 | Code injection from account through XWiki.SchedulerJobSheet in xwiki-platform | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |

This page lists every published CVE security advisory associated with xwiki. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.