Vulnerabilities > Xwiki > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-04 | CVE-2021-43841 | Cross-site Scripting vulnerability in Xwiki XWiki is a generic wiki platform offering runtime services for applications built on top of it. | 3.5 |
| 2021-03-12 | CVE-2021-21379 | Improper Preservation of Permissions vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 3.5 |
| 2021-01-20 | CVE-2021-3137 | Cross-site Scripting vulnerability in Xwiki 12.10.2 XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section. | 3.5 |
| 2018-09-28 | CVE-2018-16277 | Cross-site Scripting vulnerability in Xwiki The Image Import function in XWiki through 10.7 has XSS. | 3.5 |
| 2007-09-14 | CVE-2007-4898 | Information Disclosure vulnerability in XWiki Multiwiki Setup Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1 Enterprise RC2 allows remote authenticated users, with administrative access to one wiki in a multiwiki environment, to obtain sensitive information via unknown attack vectors. | 2.1 |
| 2007-09-14 | CVE-2007-4888 | Remote Security vulnerability in Xwiki 1.0B1/1.0B2 The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribute of the doc variable. network xwiki | 3.5 |