Vulnerabilities > Xwiki > Xwiki > 0.9.1252
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-12-30 | CVE-2010-4642 | Cross-Site Scripting vulnerability in Xwiki Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-12-30 | CVE-2010-4641 | SQL Injection vulnerability in Xwiki SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2007-09-14 | CVE-2006-7223 | Permissions, Privileges, and Access Controls vulnerability in Xwiki PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document. | 6.5 |