Vulnerabilities > Xwiki > Xwiki > 13.10.4

DATE CVE VULNERABILITY TITLE RISK
2022-11-23 CVE-2022-41932 Allocation of Resources Without Limits or Throttling vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-770
5.3
5.3
2022-11-23 CVE-2022-41933 Insufficiently Protected Credentials vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-522
6.5
6.5
2022-11-23 CVE-2022-41931 Eval Injection vulnerability in Xwiki
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection').
network
low complexity
xwiki CWE-95
8.8
8.8
2022-11-23 CVE-2022-41934 Improper Encoding or Escaping of Output vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-116
8.8
8.8
2022-11-23 CVE-2022-41935 Unspecified vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki
4.3
4.3
2022-11-23 CVE-2022-41927 Cross-Site Request Forgery (CSRF) vulnerability in Xwiki
XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation.
network
low complexity
xwiki CWE-352
7.4
7.4
2022-11-23 CVE-2022-41928 Eval Injection vulnerability in Xwiki
XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml.
network
low complexity
xwiki CWE-95
8.8
8.8
2022-11-23 CVE-2022-41929 Missing Authorization vulnerability in Xwiki
org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user.
network
low complexity
xwiki CWE-862
4.9
4.9
2022-11-23 CVE-2022-41930 Missing Authorization vulnerability in Xwiki
org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users.
network
low complexity
xwiki CWE-862
8.2
8.2
2022-11-22 CVE-2022-41936 Privacy Violation vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-359
7.5
7.5