Vulnerabilities > Xwiki

DATE CVE VULNERABILITY TITLE RISK
2022-11-23 CVE-2022-41928 Eval Injection vulnerability in Xwiki
XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml.
network
low complexity
xwiki CWE-95
8.8
2022-11-23 CVE-2022-41929 Missing Authorization vulnerability in Xwiki
org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user.
network
low complexity
xwiki CWE-862
4.9
2022-11-23 CVE-2022-41930 Missing Authorization vulnerability in Xwiki
org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users.
network
low complexity
xwiki CWE-862
8.2
2022-11-22 CVE-2022-41936 Privacy Violation vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-359
7.5
2022-11-22 CVE-2022-41937 Missing Authorization vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-862
8.1
2022-11-04 CVE-2022-39387 Improper Authentication vulnerability in Xwiki Openid Connect
XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki.
network
low complexity
xwiki CWE-287
7.5
2022-09-08 CVE-2022-36099 Improper Encoding or Escaping of Output vulnerability in Xwiki
XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform.
network
low complexity
xwiki CWE-116
8.8
2022-09-08 CVE-2022-36100 Improper Encoding or Escaping of Output vulnerability in Xwiki
XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform.
network
low complexity
xwiki CWE-116
8.8
2022-09-08 CVE-2022-36091 Missing Authorization vulnerability in Xwiki
XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform.
network
low complexity
xwiki CWE-862
7.5
2022-05-31 CVE-2022-29258 Cross-site Scripting vulnerability in Xwiki
XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream.
network
xwiki CWE-79
4.3