Vulnerabilities > Xwiki > Xwiki > 7.4.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-02 | CVE-2023-26475 | Improper Privilege Management vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 8.8 |
| 2023-03-02 | CVE-2023-26476 | Improper Restriction of Excessive Authentication Attempts vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 7.5 |
| 2023-03-02 | CVE-2023-26477 | Code Injection vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 9.8 |
| 2023-03-02 | CVE-2023-26479 | Improper Handling of Exceptional Conditions vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 6.5 |
| 2022-11-23 | CVE-2022-41932 | Allocation of Resources Without Limits or Throttling vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 5.3 |
| 2022-11-23 | CVE-2022-41931 | Eval Injection vulnerability in Xwiki xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). | 8.8 |
| 2022-11-23 | CVE-2022-41934 | Improper Encoding or Escaping of Output vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |
| 2022-11-23 | CVE-2022-41927 | Cross-Site Request Forgery (CSRF) vulnerability in Xwiki XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. | 7.4 |
| 2022-11-23 | CVE-2022-41928 | Eval Injection vulnerability in Xwiki XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. | 8.8 |
| 2022-11-22 | CVE-2022-41937 | Missing Authorization vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.1 |