Vulnerabilities > Xwiki
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-09-14 | CVE-2007-4888 | Remote Security vulnerability in Xwiki 1.0B1/1.0B2 The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribute of the doc variable. network xwiki | 3.5 |
| 2007-09-14 | CVE-2006-7223 | Permissions, Privileges, and Access Controls vulnerability in Xwiki PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document. | 6.5 |
| 2005-12-31 | CVE-2005-4862 | Credentials Management vulnerability in Xwiki 0.9.793 The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password. | 5.0 |