
xwiki — Vulnerabilities & Security Advisories (243)

Browse all 243 CVE security advisories affecting xwiki. AI-powered Chinese analysis, POCs, and references for each vulnerability.

XWiki serves as an open-source enterprise wiki platform, enabling organizations to create, manage, and share collaborative documentation and knowledge bases. Its architecture, built on Java and supporting complex extensions, has historically exposed it to a wide array of security flaws, resulting in 243 recorded Common Vulnerabilities and Exposures. The most prevalent issues involve Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation vulnerabilities, often stemming from improper input validation or insecure default configurations. Notable incidents have included attackers exploiting unpatched RCE flaws to gain full system control, highlighting the risks associated with its extensive plugin ecosystem. While the project maintains an active security response team, the sheer volume of disclosed defects underscores the complexity of securing a feature-rich, Java-based application. Continuous patching and strict access controls remain essential for mitigating these persistent threats in production environments.

Severity · Identifier (where assigned) · Date
Title · Source

Medium · XWIKI-23472 · 2026-04-18
XWIKI-23472: URL generation in the changes view is broken · xwiki/xwiki-platform@3c8a2ec · GitHub

Low · XWIKI-23550 · 2026-04-18
XWIKI-23550: DBListClass should respect query limit · xwiki/xwiki-platform@47b568c · GitHub

Medium · 2026-04-18
REST APIs can list all pages/spaces, leading to unavailability · Advisory · xwiki/xwiki-platform · GitHub

High · XWIKI-23698 · 2026-04-09
XWIKI-23698: ScriptXWikiServletRequest#getRequest() should only be av… · xwiki/xwiki-platform@9fe84da · GitHub

Medium · CVE-2026-26000 · 2026-02-21
Click-jacking through CSS injection in comments · Advisory · xwiki/xwiki-platform · GitHub

Unknown · CVE-2026-24128 · 2026-01-27
Reflected Cross-Site Scripting (XSS) in Error Messages · Advisory · xwiki/xwiki-platform · GitHub

High · CVE-2025-65036 · 2025-12-06
Remote code execution using the confluence details summary macro · Advisory · xwikisas/xwiki-pro-macros · GitHub

High · 2025-11-14
XWIKI-21337: Apply PDF templates with the rights of their authors · xwiki/xwiki-platform@a4ad14d · GitHub

Critical · CVE-2023-29511 · 2025-11-10
Privilege escalation (PR) from account/view through AdminFieldsDisplaySheet and admin.vm · Advisory · xwiki/xwiki-platfo

Critical · CVE-2025-55730 · 2025-09-11
Remote code execution using the confluence paste code macro · Advisory · xwikisas/xwiki-pro-macros · GitHub

Medium · 2025-09-11
Merge commit from fork · xwikisas/xwiki-pro-macros@05651ad · GitHub

Critical · CVE-2025-55729 · 2025-09-11
Remote code execution using the ConfluenceLayoutSection macro · Advisory · xwikisas/xwiki-pro-macros · GitHub

High · CVE-2025-58365 · 2025-09-10
Privilege escalation (PR) from account through blog content · Advisory · xwiki-contrib/application-blog · GitHub

Medium · 2025-09-05
XWIKI-23109 XWIKI-19350: Improve resource validation · xwiki/xwiki-platform@9e7b4c0 · GitHub

Medium · XWIKI-23109 · 2025-09-05
XWIKI-23109 XWIKI-19350: Improve resource validation · xwiki/xwiki-platform@9e7b4c0 · GitHub

Critical · CVE-2025-55747 · 2025-09-05
Configuration files can be accessed through the webjars API · Advisory · xwiki/xwiki-platform · GitHub

Medium · CVE-2025-51990 · 2025-08-23
cve-writeups/CVE-2025-51990.md at main · malcxlmj/cve-writeups · GitHub

High · XWIKI-22810 · 2025-08-07
XWIKI-22810: Introduce and use proper APIs to filter sensitive fields… · xwiki/xwiki-platform@742ee34 · GitHub

Medium · CVE-2025-32430 · 2025-08-07
Reflected XSS in two templates · Advisory · xwiki/xwiki-platform · GitHub

High · CVE-2025-54125 · 2025-08-07
Passwords and emails stored in fields not named password/email exposed in xml.vm · Advisory · xwiki/xwiki-platform · Git

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with xwiki. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.