xwikisas — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting xwikisas. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Xwikisas is an enterprise collaboration platform used for wiki, application development, and document management. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting attacks, and privilege escalation flaws, with 18 CVEs documented. The platform's Java-based architecture and extensive plugin ecosystem have introduced security challenges, particularly in input validation and access control. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests a need for rigorous patch management and security hardening. Its open-source nature allows for community-driven security improvements, though organizations should remain vigilant about emerging threats.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-65036 | XWiki Remote Macros vulnerable to remote code execution using the confluence details summary macro | xwiki-pro-macros | CWE-862 | 8.3 | High | 2025-12-05 |
| CVE-2025-65089 | XWiki view file macro: User can view content of office file without view rights on the attachment | xwiki-pro-macros | CWE-862 | 6.8 | Medium | 2025-11-19 |
| CVE-2025-54990 | XWiki AdminTools application doesn't set permissions on the AdminTools space | application-admintools | CWE-276 | 5.3 | Medium | 2025-11-18 |
| CVE-2025-55730 | XWiki Remote Macros vulnerable to remote code execution using the confluence paste code macro | xwiki-pro-macros | CWE-116 | 10.0 | Critical | 2025-09-09 |
| CVE-2025-55729 | XWiki Remote Macros vulnerable to remote code execution using the ConfluenceLayoutSection macro | xwiki-pro-macros | CWE-116 | 10.0 | Critical | 2025-09-09 |
| CVE-2025-55728 | XWiki Remote Macros vulnerable to remote code execution using the panel macro | xwiki-pro-macros | CWE-95 | 10.0 | Critical | 2025-09-09 |
| CVE-2025-55727 | XWiki Remote Macros vulnerable to remote code execution from width parameter in the column macro | xwiki-pro-macros | CWE-95 | 10.0 | Critical | 2025-09-09 |
| CVE-2025-48885 | application-urlshortener users can create arbitrary pages as long as they have view access to them | application-urlshortener | CWE-352 | 4.3 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-27604 | XWiki Confluence Migrator Pro's homepage is public | application-confluence-migrator-pro | CWE-200 | 7.5 | High | 2025-03-07 |
| CVE-2025-27603 | XWiki Confluence Migrator Pro allows Remote Code Execution via unescaped translations | application-confluence-migrator-pro | CWE-95 | 9.1 | Critical | 2025-03-07 |
| CVE-2024-52298 | macro-pdfviewer's preview in WYSIWYG editor allows accessing any PDF document as the last author | macro-pdfviewer | CWE-615 | 7.5 | High | 2024-11-13 |
| CVE-2024-52299 | The PDF viewer macro allows accessing any attachment without access right checks | macro-pdfviewer | CWE-340 | 7.5 | High | 2024-11-13 |
| CVE-2024-52300 | macro-pdfviewer has a XSS through the width parameter | macro-pdfviewer | CWE-80 | 9.1 | Critical | 2024-11-13 |
| CVE-2024-42489 | Pro Macros Remote Code Execution via Viewpdf and similar macros | xwiki-pro-macros | CWE-74 | 10.0 | Critical | 2024-08-12 |
| CVE-2024-30263 | The PDF Viewer macro can be used to view PDF attachments with restricted access | macro-pdfviewer | CWE-200 | 7.7 | High | 2024-04-04 |
| CVE-2024-26138 | License information is public, exposing instance id and license holder details | application-licensing | CWE-862 | 5.3 | Medium | 2024-02-21 |
| CVE-2023-46743 | The same file cannot be opened with different rights | application-collabora | CWE-276 | 7.4 | High | 2023-11-09 |
| CVE-2023-45144 | Remote code execution from login screen through unescaped URL parameter in OAuth Identity XWiki App | identity-oauth | CWE-79 | 10.0 | Critical | 2023-10-16 |

This page lists every published CVE security advisory associated with xwikisas. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.