
xwiki — Vulnerabilities & Security Advisories (243)

Browse all 243 CVE security advisories affecting xwiki. AI-powered Chinese analysis, POCs, and references for each vulnerability.

XWiki serves as an open-source enterprise wiki platform, enabling organizations to create, manage, and share collaborative documentation and knowledge bases. Its architecture, built on Java and supporting complex extensions, has historically exposed it to a wide array of security flaws, resulting in 243 recorded Common Vulnerabilities and Exposures. The most prevalent issues involve Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation vulnerabilities, often stemming from improper input validation or insecure default configurations. Notable incidents have included attackers exploiting unpatched RCE flaws to gain full system control, highlighting the risks associated with its extensive plugin ecosystem. While the project maintains an active security response team, the sheer volume of disclosed defects underscores the complexity of securing a feature-rich, Java-based application. Continuous patching and strict access controls remain essential for mitigating these persistent threats in production environments.

| CVE ID | Title | Project | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-29525 | Privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration in xwiki-platform | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29526 | Async and display macro allow displaying and interacting with any document in restricted mode | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29527 | Code injection from account through AWM view sheet in xwiki platform | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-04-18 |
| CVE-2023-29213 | org.xwiki.platform:xwiki-platform-logging-ui Injection vulnerability | xwiki-platform | CWE-74 | 9.1 | Critical | 2023-04-17 |
| CVE-2023-29511 | xwiki-platform-administration-ui vulnerable to privilege escalation | xwiki-platform | CWE-95 | 9.9 | Critical | 2023-04-16 |
| CVE-2023-30537 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation | xwiki-platform | CWE-95 | 9.9 | Critical | 2023-04-16 |
| CVE-2023-29509 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-04-16 |
| CVE-2023-29508 | org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Cross-site Scripting | xwiki-platform | CWE-80 | 8.9 | High | 2023-04-16 |
| CVE-2023-29507 | org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors | xwiki-platform | CWE-648 | 9.1 | Critical | 2023-04-16 |
| CVE-2023-29506 | org.xwiki.platform:xwiki-platform-security-authentication-default XSS with authenticated endpoints | xwiki-platform | CWE-79 | 5.4 | Medium | 2023-04-16 |
| CVE-2023-29214 | org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-04-16 |
| CVE-2023-29212 | xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-04-16 |
| CVE-2023-29211 | org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-04-16 |
| CVE-2023-29210 | org.xwiki.platform:xwiki-platform-notifications-ui Eval Injection vulnerability | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-04-15 |
| CVE-2023-29209 | org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-04-15 |
| CVE-2023-29208 | Data leak through deleted documents | xwiki-platform | CWE-668 | 7.5 | High | 2023-04-15 |
| CVE-2023-29207 | Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro | xwiki-platform | CWE-79 | 8.9 | High | 2023-04-15 |
| CVE-2023-29206 | org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins | xwiki-platform | CWE-79 | 9.1 | Critical | 2023-04-15 |
| CVE-2023-29205 | org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro | xwiki-platform | CWE-79 | 10.0 | Critical | 2023-04-15 |
| CVE-2023-29204 | URL Redirection to Untrusted Site ('Open Redirect') in org.xwiki.platform:xwiki-platform-oldcore | xwiki-platform | CWE-601 | 4.7 | Medium | 2023-04-15 |
| CVE-2023-29203 | Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm | xwiki-platform | CWE-359 | 3.7 | Low | 2023-04-15 |
| CVE-2023-29202 | org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability | xwiki-platform | CWE-79 | 9.1 | Critical | 2023-04-15 |
| CVE-2023-29201 | org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability | xwiki-commons | CWE-79 | 9.1 | Critical | 2023-04-15 |
| CVE-2023-27480 | Data leak through a XAR import XXE attack in xwiki-platform-xar-model | xwiki-platform | CWE-611 | 7.7 | High | 2023-03-07 |
| CVE-2023-27479 | Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-panels-ui | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-03-07 |
| CVE-2023-26055 | XWiki Commons may allow privilege escalation to programming rights via user's first name | xwiki-commons | CWE-150 | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26056 | XWiki Platform allows macro execution as any user without programming rights through the context macro | xwiki-platform | CWE-863 | 5.4 | Medium | 2023-03-02 |
| CVE-2023-26470 | In XWiki Platform, saving a document with a large object number leads to persistent OOM errors | xwiki-platform | CWE-400 | 5.7 | Medium | 2023-03-02 |
| CVE-2023-26471 | XWiki Platform users may execute anything with superadmin right through comments and async macro | xwiki-platform | CWE-284 | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26472 | XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile | xwiki-platform | CWE-116 | 10.0 | Critical | 2023-03-02 |

This page lists every published CVE security advisory associated with xwiki. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.