Vulnerabilities > Xwiki > Xwiki > 14.4.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-02 | CVE-2023-26479 | Improper Handling of Exceptional Conditions vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 6.5 |
2023-03-02 | CVE-2023-26480 | Cross-site Scripting vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 5.4 |
2022-11-23 | CVE-2022-41932 | Allocation of Resources Without Limits or Throttling vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 5.3 |
2022-11-23 | CVE-2022-41931 | Eval Injection vulnerability in Xwiki xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). | 8.8 |
2022-11-23 | CVE-2022-41934 | Improper Encoding or Escaping of Output vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |
2022-11-23 | CVE-2022-41935 | Unspecified vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 4.3 |
2022-11-23 | CVE-2022-41928 | Eval Injection vulnerability in Xwiki XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. | 8.8 |
2022-11-23 | CVE-2022-41929 | Missing Authorization vulnerability in Xwiki org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. | 4.9 |
2022-11-23 | CVE-2022-41930 | Missing Authorization vulnerability in Xwiki org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. | 8.2 |