
xwiki — Vulnerabilities & Security Advisories (243)

Browse all 243 CVE security advisories affecting xwiki. AI-powered Chinese analysis, POCs, and references for each vulnerability.

XWiki serves as an open-source enterprise wiki platform, enabling organizations to create, manage, and share collaborative documentation and knowledge bases. Its architecture, built on Java and supporting complex extensions, has historically exposed it to a wide array of security flaws, resulting in 243 recorded Common Vulnerabilities and Exposures. The most prevalent issues involve Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation vulnerabilities, often stemming from improper input validation or insecure default configurations. Notable incidents have included attackers exploiting unpatched RCE flaws to gain full system control, highlighting the risks associated with its extensive plugin ecosystem. While the project maintains an active security response team, the sheer volume of disclosed defects underscores the complexity of securing a feature-rich, Java-based application. Continuous patching and strict access controls remain essential for mitigating these persistent threats in production environments.

| CVE ID | Title | Project | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-26473 | XWiki Platform allows unprivileged users to make arbitrary select queries using DatabaseListProperty and suggest.vm | xwiki-platform | CWE-284 | 6.5 | Medium | 2023-03-02 |
| CVE-2023-26474 | XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author | xwiki-platform | CWE-284 | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26475 | XWiki Platform vulnerable to Remote Code Execution in Annotations | xwiki-platform | CWE-270 | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26476 | Two XWiki Platform UIs Expose Sensitive Information to an Unauthorized Actor | xwiki-platform | CWE-200 | 7.5 | High | 2023-03-02 |
| CVE-2023-26477 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability | xwiki-platform | CWE-95 | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26478 | org.xwiki.platform:xwiki-platform-store-filesystem-oldcore has Exposed Dangerous Method or Function | xwiki-platform | CWE-749 | 6.6 | Medium | 2023-03-02 |
| CVE-2023-26479 | org.xwiki.platform:xwiki-platform-rendering-parser vulnerable to Improper Handling of Exceptional Conditions | xwiki-platform | CWE-755 | 6.5 | Medium | 2023-03-02 |
| CVE-2023-26480 | XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data | xwiki-platform | CWE-79 | 8.9 | High | 2023-03-02 |
| CVE-2022-41927 | XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags | xwiki-platform | CWE-352 | 7.4 | High | 2022-11-23 |
| CVE-2022-41928 | XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml | xwiki-platform | CWE-95 | 9.9 | Critical | 2022-11-23 |
| CVE-2022-41929 | Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore | xwiki-platform | CWE-862 | 4.9 | Medium | 2022-11-23 |
| CVE-2022-41930 | org.xwiki.platform:xwiki-platform-user-profile-ui missing authorization to enable or disable users | xwiki-platform | CWE-862 | 7.5 | High | 2022-11-23 |
| CVE-2022-41931 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui | xwiki-platform | CWE-95 | 9.9 | Critical | 2022-11-23 |
| CVE-2022-41932 | Creation of new database tables through login form on PostgreSQL | xwiki-platform | CWE-400 | 7.5 | High | 2022-11-23 |
| CVE-2022-41933 | Plaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default | xwiki-platform | CWE-312 | 6.2 | Medium | 2022-11-23 |
| CVE-2022-41934 | Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-menu-ui | xwiki-platform | CWE-74 | 9.9 | Critical | 2022-11-23 |
| CVE-2022-41935 | Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui | xwiki-platform | CWE-200 | 5.3 | Medium | 2022-11-23 |
| CVE-2022-41936 | Exposure of Private Personal Information to an Unauthorized Actor in xwiki-platform-rest-server | xwiki-platform | CWE-359 | 5.3 | Medium | 2022-11-22 |
| CVE-2022-41937 | Missing Authorization in XWiki Platform | xwiki-platform | CWE-862 | 9.6 | Critical | 2022-11-22 |
| CVE-2022-36100 | XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection | xwiki-platform | CWE-95 | 9.9 | Critical | 2022-09-08 |
| CVE-2022-36098 | XWiki Platform Mentions UI vulnerable to Cross-site Scripting | xwiki-platform | CWE-79 | 8.9 | High | 2022-09-08 |
| CVE-2022-36099 | XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability | xwiki-platform | CWE-95 | 9.9 | Critical | 2022-09-08 |
| CVE-2022-36097 | XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form | xwiki-platform | CWE-79 | 8.9 | High | 2022-09-08 |
| CVE-2022-36096 | XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list | xwiki-platform | CWE-79 | 8.9 | High | 2022-09-08 |
| CVE-2022-36095 | XWiki Cross-Site Request Forgery (CSRF) for actions on tags | xwiki-platform | CWE-352 | 4.3 | Medium | 2022-09-08 |
| CVE-2022-36094 | XWiki Platform Web Parent POM vulnerable to XSS in the attachment history | xwiki-platform | CWE-79 | 8.9 | High | 2022-09-08 |
| CVE-2022-36093 | XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard | xwiki-platform | CWE-288 | 8.5 | High | 2022-09-08 |
| CVE-2022-36092 | XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action | xwiki-platform | CWE-287 | 7.5 | High | 2022-09-08 |
| CVE-2022-36091 | XWiki Platform Web Templates vulnerable to Missing Authorization and Exposure of Private Personal Information to an Unauthorized Actor | xwiki-platform | CWE-862 | 7.5 | High | 2022-09-08 |
| CVE-2022-36090 | org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users | xwiki-platform | CWE-285 | 8.1 | High | 2022-09-08 |

This page lists every published CVE security advisory associated with xwiki. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.