Vulnerabilities > Xwiki
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-11 | CVE-2019-15302 | Improper Resource Shutdown or Release vulnerability in Xwiki Cryptpad The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a trivial URL modification. | 5.5 |
2018-09-28 | CVE-2018-16277 | Cross-site Scripting vulnerability in Xwiki The Image Import function in XWiki through 10.7 has XSS. | 3.5 |
2017-07-17 | CVE-2017-1000051 | Cross-site Scripting vulnerability in Xwiki Cryptpad Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content | 4.3 |
2012-02-08 | CVE-2012-1019 | Cross-Site Scripting vulnerability in Xwiki Enterprise 3.4 Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bin/commentadd/Main/WebHome, (2) XWiki.XWikiUsers_0_company parameter when editing a user profile, or (3) projectVersion parameter to xwiki/bin/view/DownloadCode/DownloadFeedback. | 4.3 |
2010-12-30 | CVE-2010-4642 | Cross-Site Scripting vulnerability in Xwiki Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-12-30 | CVE-2010-4641 | SQL Injection vulnerability in Xwiki SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-12-30 | CVE-2010-4640 | Cross-Site Scripting vulnerability in Xwiki Watch 1.0 Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 allow remote attackers to inject arbitrary web script or HTML via the rev parameter to (1) bin/viewrev/Main/WebHome and (2) bin/view/Blog, and the (3) register_first_name and (4) register_last_name parameters to bin/register/XWiki/Register. | 4.3 |
2007-09-14 | CVE-2007-4898 | Information Disclosure vulnerability in XWiki Multiwiki Setup Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1 Enterprise RC2 allows remote authenticated users, with administrative access to one wiki in a multiwiki environment, to obtain sensitive information via unknown attack vectors. | 2.1 |
2007-09-14 | CVE-2007-4888 | Remote Security vulnerability in Xwiki 1.0B1/1.0B2 The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribute of the doc variable. network xwiki | 3.5 |
2007-09-14 | CVE-2006-7223 | Permissions, Privileges, and Access Controls vulnerability in Xwiki PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document. | 6.5 |