Xwiki

Xwiki

239 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.7

CVE-2021-32730

Exploit
  • EPSS 0.17%
  • Published 01.07.2021 18:15:07
  • Last modified 21.11.2024 06:07:37

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forgery vulnerability exists in versions prior to 12.10.5, and in versions 13.0 through 13.1. It's possible for forge an URL...

5.5

CVE-2021-32729

  • EPSS 0.05%
  • Published 01.07.2021 17:15:07
  • Last modified 21.11.2024 06:07:36

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions prior to 12.6.88, 12.10.4, and 13.0. The script service method used to reset the authentication failures recor...

8.8

CVE-2021-32620

  • EPSS 0.31%
  • Published 28.05.2021 21:15:08
  • Last modified 21.11.2024 06:07:23

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 11.10.13, 12.6.7, and 12.10.2, a user disabled on a wiki using email verification for registration canouldre-activate themse...

8.8

CVE-2021-32621

Exploit
  • EPSS 0.69%
  • Published 28.05.2021 21:15:08
  • Last modified 21.11.2024 06:07:23

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 12.6.7 and 12.10.3, a user without Script or Programming right is able to execute script requiring privileges by editing gad...

6.1

CVE-2021-29459

Exploit
  • EPSS 0.42%
  • Published 20.04.2021 19:15:09
  • Last modified 21.11.2024 06:01:08

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions prior to 12.6.3 and 12.8. Unregistred users can fill simple text fields. Register...

8.8

CVE-2021-21380

  • EPSS 2.9%
  • Published 23.03.2021 23:15:13
  • Last modified 21.11.2024 05:48:14

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service expose an API to perform SQL re...

5.4

CVE-2021-21379

  • EPSS 0.44%
  • Published 12.03.2021 18:15:12
  • Last modified 21.11.2024 05:48:14

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the `{{wikimacrocontent}}` executes the content with the rights of the wiki macro author instead of the c...

5.4

CVE-2021-3137

Exploit
  • EPSS 0.15%
  • Published 20.01.2021 04:15:13
  • Last modified 21.11.2024 06:20:58

XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.

7.5

CVE-2020-13654

  • EPSS 0.1%
  • Published 31.12.2020 01:15:12
  • Last modified 21.11.2024 05:01:41

XWiki Platform before 12.8 mishandles escaping in the property displayer.

9

CVE-2020-15252

Exploit
  • EPSS 2.7%
  • Published 16.10.2020 17:15:11
  • Last modified 21.11.2024 05:05:11

In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that m...