
xwiki — Vulnerabilities & Security Advisories (243)

Browse all 243 CVE security advisories affecting xwiki. AI-powered Chinese analysis, POCs, and references for each vulnerability.

XWiki is an open-source enterprise wiki platform used to create, manage, and share collaborative documentation and knowledge bases. It is written in Java, exposes a server-side scripting layer (Velocity templates, Groovy, wiki macros) to page authors, and supports a large extension ecosystem; that attack surface is what produced the 243 CVEs recorded here. The classes that dominate the list are eval injection into server-side templates (CWE-95, many of the CVSS 10.0 Critical entries below, where unescaped user input reaches a script evaluator and yields remote code execution), cross-site scripting (CWE-79), and privilege escalation through missing or wrong authorization checks (CWE-862, CWE-863, CWE-284), for example wiki content executed with the rights of the wrong author or without programming rights being verified. Because an eval-injection flaw in a wiki hands the attacker the wiki's own execution context, an unpatched instance reachable by untrusted users should be treated as fully compromisable. The project runs an active security response process and publishes advisories promptly; the volume of disclosures reflects how hard it is to keep user-authored content and privileged script execution apart in a feature-rich application. Keeping up with patches, restricting who holds programming and script rights, and limiting what unauthenticated users can reach remain the essential mitigations in production.

Found 227 results / 243 (first 30 shown below)

| CVE ID | Title | Project | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-29212 | org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-04-16 |
| CVE-2023-29211 | org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-04-16 |
| CVE-2023-29210 | org.xwiki.platform:xwiki-platform-notifications-ui Eval Injection vulnerability | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-04-15 |
| CVE-2023-29209 | org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-04-15 |
| CVE-2023-29208 | Data leak through deleted documents | xwiki-platform | CWE-668 | 7.5 | High | 2023-04-15 |
| CVE-2023-29207 | Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro | xwiki-platform | CWE-79 | 8.9 | High | 2023-04-15 |
| CVE-2023-29206 | org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins | xwiki-platform | CWE-79 | 9.1 | Critical | 2023-04-15 |
| CVE-2023-29205 | org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro | xwiki-platform | CWE-79 | 10.0 | Critical | 2023-04-15 |
| CVE-2023-29204 | URL Redirection to Untrusted Site ('Open Redirect') in org.xwiki.platform:xwiki-platform-oldcore | xwiki-platform | CWE-601 | 4.7 | Medium | 2023-04-15 |
| CVE-2023-29203 | Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm | xwiki-platform | CWE-359 | 3.7 | Low | 2023-04-15 |
| CVE-2023-29202 | org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability | xwiki-platform | CWE-79 | 9.1 | Critical | 2023-04-15 |
| CVE-2023-27480 | Data leak through a XAR import XXE attack in xwiki-platform-xar-model | xwiki-platform | CWE-611 | 7.7 | High | 2023-03-07 |
| CVE-2023-27479 | Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-panels-ui | xwiki-platform | CWE-74 | 10.0 | Critical | 2023-03-07 |
| CVE-2023-26056 | XWiki Platform allows macro execution as any user without programming rights through the context macro | xwiki-platform | CWE-863 | 5.4 | Medium | 2023-03-02 |
| CVE-2023-26470 | In XWiki Platform, saving a document with a large object number leads to persistent OOM errors | xwiki-platform | CWE-400 | 5.7 | Medium | 2023-03-02 |
| CVE-2023-26471 | XWiki Platform users may execute anything with superadmin right through comments and async macro | xwiki-platform | CWE-284 | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26472 | XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile | xwiki-platform | CWE-116 | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26473 | XWiki Platform allows unprivileged users to make arbitrary select queries using DatabaseListProperty and suggest.vm | xwiki-platform | CWE-284 | 6.5 | Medium | 2023-03-02 |
| CVE-2023-26474 | XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author | xwiki-platform | CWE-284 | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26475 | XWiki Platform vulnerable to Remote Code Execution in Annotations | xwiki-platform | CWE-270 | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26476 | Two XWiki Platform UIs Expose Sensitive Information to an Unauthorized Actor | xwiki-platform | CWE-200 | 7.5 | High | 2023-03-02 |
| CVE-2023-26477 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26478 | org.xwiki.platform:xwiki-platform-store-filesystem-oldcore has Exposed Dangerous Method or Function | xwiki-platform | CWE-749 | 6.6 | Medium | 2023-03-02 |
| CVE-2023-26479 | org.xwiki.platform:xwiki-platform-rendering-parser vulnerable to Improper Handling of Exceptional Conditions | xwiki-platform | CWE-755 | 6.5 | Medium | 2023-03-02 |
| CVE-2023-26480 | XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data | xwiki-platform | CWE-79 | 8.9 | High | 2023-03-02 |
| CVE-2022-41927 | XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags | xwiki-platform | CWE-352 | 7.4 | High | 2022-11-23 |
| CVE-2022-41928 | XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml | xwiki-platform | CWE-95 | 9.9 | Critical | 2022-11-23 |
| CVE-2022-41929 | Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore | xwiki-platform | CWE-862 | 4.9 | Medium | 2022-11-23 |
| CVE-2022-41930 | org.xwiki.platform:xwiki-platform-user-profile-ui missing authorization to enable or disable users | xwiki-platform | CWE-862 | 7.5 | High | 2022-11-23 |
| CVE-2022-41931 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui | xwiki-platform | CWE-95 | 9.9 | Critical | 2022-11-23 |
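
A small triage script for the listing above, added here as an example; it is not part of this page, of the advisory database, or of the XWiki project. It parses rows in the flattened one-line form this listing is served in (the title, then an em dash and the project name with the CWE, CVSS score, severity label and date fused onto it), cross-checks each Severity label against the CVSS v3 qualitative bands so a mangled row stands out, tallies CWEs and severities, and pulls out the Critical code-execution-class entries to patch first. The sample rows are copied from the table above; the EXEC_CWES set and the title-keyword rule are this example's own triage choices and not a classification the page defines.

```python
"""Parse and triage flattened xwiki advisory rows (added example, not from the page)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from datetime import date

# Rows copied from the listing on this page, in its flattened one-line-per-row form:
# "<CVE> <title> — <project><CWE> <cvss> <severity><yyyy-mm-dd>".
RAW_ROWS = """\
CVE-2023-29211 org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability — xwiki-platformCWE-95 10.0 Critical2023-04-16
CVE-2023-29208 Data leak through deleted documents — xwiki-platformCWE-668 7.5 High2023-04-15
CVE-2023-29204 URL Redirection to Untrusted Site ('Open Redirect') in org.xwiki.platform:xwiki-platform-oldcore — xwiki-platformCWE-601 4.7 Medium2023-04-15
CVE-2023-29203 Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm — xwiki-platformCWE-359 3.7 Low2023-04-15
CVE-2023-26471 XWiki Platform users may execute anything with superadmin right through comments and async macro — xwiki-platformCWE-284 10.0 Critical2023-03-02
CVE-2022-41929 Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore — xwiki-platformCWE-862 4.9 Medium2022-11-23
CVE-2022-41931 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui — xwiki-platformCWE-95 9.9 Critical2022-11-23
"""

# Lazy title match stops at the first " — "; the project name is glued to "CWE-",
# and the severity label is glued to the ISO date, so those groups have no separator.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,}) "
    r"(?P<title>.+?) — (?P<project>[\w.-]+?)"
    r"(?P<cwe>CWE-\d+) (?P<cvss>\d+\.\d) "
    r"(?P<severity>Critical|High|Medium|Low)"
    r"(?P<published>\d{4}-\d{2}-\d{2})$"
)

# CVSS v3.x qualitative bands (floor of each band), used to cross-check the Severity column.
SEVERITY_BANDS = (("Critical", 9.0), ("High", 7.0), ("Medium", 4.0), ("Low", 0.1))

# CWEs meaning attacker-controlled code or directives reach an evaluator.
# This set is the example's own triage choice (hypothetical), not a page classification.
EXEC_CWES = {"CWE-94", "CWE-95", "CWE-74"}


@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    project: str
    cwe: str
    cvss: float
    severity: str
    published: date


def parse_rows(text: str) -> list[Advisory]:
    """Parse flattened rows; raise ValueError for a row that does not fit the format."""
    advisories = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"row {lineno} does not match the listing format: {line!r}")
        advisories.append(Advisory(
            cve=m["cve"], title=m["title"], project=m["project"], cwe=m["cwe"],
            cvss=float(m["cvss"]), severity=m["severity"],
            published=date.fromisoformat(m["published"]),
        ))
    return advisories


def severity_band(cvss: float) -> str:
    """Qualitative CVSS v3 band for a base score (0.0 is 'None')."""
    for name, floor in SEVERITY_BANDS:
        if cvss >= floor:
            return name
    return "None"


def inconsistent_severity(advs: list[Advisory]) -> list[Advisory]:
    """Rows whose Severity label disagrees with the CVSS band: a sign of a mangled row."""
    return [a for a in advs if severity_band(a.cvss) != a.severity]


def counts_by(advs: list[Advisory], field: str) -> Counter:
    """Tally advisories by one field, e.g. 'cwe' or 'severity'."""
    return Counter(getattr(a, field) for a in advs)


def patch_first(advs: list[Advisory]) -> list[Advisory]:
    """Critical entries that are code-execution class by CWE or by title wording,
    highest CVSS first and newest first on ties."""
    hits = [a for a in advs if a.cvss >= 9.0 and
            (a.cwe in EXEC_CWES or re.search(r"eval injection|execut", a.title, re.I))]
    return sorted(hits, key=lambda a: (-a.cvss, -a.published.toordinal()))


if __name__ == "__main__":
    rows = parse_rows(RAW_ROWS)
    print("by CWE:", dict(counts_by(rows, "cwe")))
    print("by severity:", dict(counts_by(rows, "severity")))
    print("mislabeled:", [a.cve for a in inconsistent_severity(rows)])
    for a in patch_first(rows):
        print(f"patch first: {a.cve} {a.cvss} {a.cwe} {a.published}")
```

Run it against the full listing by pasting more rows into RAW_ROWS; a row that fails ROW_RE is rejected rather than silently dropped, and any Severity label outside its CVSS band is reported so copy errors in the source table do not skew prioritisation.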

This page lists every published CVE security advisory associated with xwiki. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.