Vulnerabilities > Xwiki > Xwiki > 7.4.6

DATE CVE VULNERABILITY TITLE RISK
2020-05-12 CVE-2020-11057 Code Injection vulnerability in Xwiki
In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards.
network
low complexity
xwiki CWE-94
8.8
8.8
2018-09-28 CVE-2018-16277 Cross-site Scripting vulnerability in Xwiki
The Image Import function in XWiki through 10.7 has XSS.
network
low complexity
xwiki CWE-79
5.4
5.4