Xwiki

Xwiki

239 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-55748

  • EPSS 0.05%
  • Veröffentlicht 03.09.2025 20:19:45
  • Zuletzt bearbeitet 10.09.2025 17:24:13

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read co...

9.1

CVE-2025-55747

  • EPSS 0.23%
  • Veröffentlicht 03.09.2025 20:12:12
  • Zuletzt bearbeitet 10.09.2025 17:47:28

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. This is fixed in version 16.10.7.

7.5

CVE-2025-58049

Exploit
  • EPSS 0.1%
  • Veröffentlicht 28.08.2025 17:43:39
  • Zuletzt bearbeitet 02.09.2025 17:34:25

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensiti...

4.8

CVE-2025-51990

Exploit
  • EPSS 0.11%
  • Veröffentlicht 20.08.2025 00:00:00
  • Zuletzt bearbeitet 11.09.2025 13:51:18

XWiki through version 17.3.0 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities in the Administration interface, specifically under the Presentation section of the Global Preferences panel. An authenticated administrator can in...

8.8

CVE-2025-51991

Exploit
  • EPSS 1.16%
  • Veröffentlicht 20.08.2025 00:00:00
  • Zuletzt bearbeitet 11.09.2025 13:50:55

XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection (SSTI) in the Administration interface, specifically within the HTTP Meta Info field of the Global Preferences Presentation section. An authenticated administrator can injec...

6.5

CVE-2025-54125

  • EPSS 5.92%
  • Veröffentlicht 05.08.2025 23:30:38
  • Zuletzt bearbeitet 02.09.2025 19:24:04

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 1.1 through 16.4.6, 16.5.0-rc-1 through 16.10.4 and 17.0.0-rc-1 through 17.1....

6.5

CVE-2025-54124

Exploit
  • EPSS 0.03%
  • Veröffentlicht 05.08.2025 23:28:07
  • Zuletzt bearbeitet 02.09.2025 19:24:15

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 9.8-rc-1 through 16.4.6, 16.5.0-rc-1 through 16.10.4, and 17.0.0-rc-1 through...

6.1

CVE-2025-32430

Exploit
  • EPSS 0.41%
  • Veröffentlicht 05.08.2025 23:27:07
  • Zuletzt bearbeitet 02.09.2025 19:24:23

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, two templates contain reflected XSS vulne...

9.8

CVE-2025-54385

  • EPSS 0.73%
  • Veröffentlicht 26.07.2025 03:28:49
  • Zuletzt bearbeitet 03.09.2025 17:42:29

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions between 17.0.0-rc1 to 17.2.2 and versions 16.10.5 and below, it's possible to execute any SQL query in Oracle by using the function l...

9.8

CVE-2025-32429

  • EPSS 1.54%
  • Veröffentlicht 24.07.2025 23:15:26
  • Zuletzt bearbeitet 03.09.2025 17:43:28

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getde...