Vulnerabilities > Xwiki > Xwiki > 0.9.793
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-12-30 | CVE-2010-4642 | Cross-Site Scripting vulnerability in Xwiki Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-12-30 | CVE-2010-4641 | SQL Injection vulnerability in Xwiki SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2007-09-14 | CVE-2006-7223 | Permissions, Privileges, and Access Controls vulnerability in Xwiki PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document. | 6.5 |
2005-12-31 | CVE-2005-4862 | Credentials Management vulnerability in Xwiki 0.9.793 The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password. | 5.0 |