Vulnerabilities > Xwiki > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-02-04 CVE-2021-43841 Cross-site Scripting vulnerability in Xwiki
XWiki is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-79
5.4
5.4
2021-07-01 CVE-2021-32731 Information Exposure vulnerability in Xwiki 13.1
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-200
5.3
5.3
2021-07-01 CVE-2021-32730 Cross-Site Request Forgery (CSRF) vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-352
5.7
5.7
2021-07-01 CVE-2021-32729 Incorrect Permission Assignment for Critical Resource vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-732
5.4
5.4
2021-04-20 CVE-2021-29459 Unspecified vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki
6.1
6.1
2021-03-12 CVE-2021-21379 Unspecified vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki
5.4
5.4
2021-01-20 CVE-2021-3137 Cross-site Scripting vulnerability in Xwiki 12.10.2
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.
network
low complexity
xwiki CWE-79
5.4
5.4
2020-09-10 CVE-2020-15171 Injection vulnerability in Xwiki
In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution.
network
high complexity
xwiki CWE-74
6.6
6.6
2019-09-11 CVE-2019-15302 Improper Resource Shutdown or Release vulnerability in Xwiki Cryptpad
The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a trivial URL modification.
network
low complexity
xwiki CWE-404
6.5
6.5
2018-09-28 CVE-2018-16277 Cross-site Scripting vulnerability in Xwiki
The Image Import function in XWiki through 10.7 has XSS.
network
low complexity
xwiki CWE-79
5.4
5.4