High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-05-02	CVE-2022-24897	Path Traversal vulnerability in Xwiki APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. network high complexity xwiki CWE-22	7.5
2021-05-28	CVE-2021-32621	Code Injection vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. network low complexity xwiki CWE-94	8.8
2020-12-31	CVE-2020-13654	Improper Encoding or Escaping of Output vulnerability in Xwiki XWiki Platform before 12.8 mishandles escaping in the property displayer. network low complexity xwiki CWE-116	7.5
2020-05-12	CVE-2020-11057	Code Injection vulnerability in Xwiki In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. network low complexity xwiki CWE-94	8.8
2010-12-30	CVE-2010-4641	SQL Injection vulnerability in Xwiki SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. network low complexity xwiki CWE-89	7.5