3476 matches found
CVE-2026-40104 XWiki's REST APIs can list all pages/spaces, leading to unavailability
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...
XWiki Platform 安全漏洞
The XWiki Platform is an open-source wiki platform used for creating web collaboration applications. Vulnerabilities exist in versions 10.4-rc-1 to 16.10.15, 17.0.0-rc-1 to 17.4.7, and 17.5.0-rc-1 to 17.10.0 of the XWiki Platform. These vulnerabilities stem from a reflection-type cross-site...
XWiki Platform 安全漏洞
The XWiki Platform is an open-source wiki platform designed for creating web collaboration applications. Versions of the XWiki Platform such as 1.8-rc-1, 17.0.0-rc-1, and 17.5.0-rc-1 and earlier contain security vulnerabilities. These vulnerabilities stem from resource exhaustion issues with the...
XWiki's REST APIs can list all pages/spaces, leading to unavailability
Impact REST API endpoints like /xwiki/rest/wikis/xwiki/spaces/AnnotationCode/pages/AnnotationConfig/objects/AnnotationCode.AnnotationConfig/0/properties list all available pages as part of the metadata for database list properties, which can exhaust available resources on large wikis. Patches Thi...
GHSA-MRQG-XMGM-RC5G XWiki's REST APIs can list all pages/spaces, leading to unavailability
Impact REST API endpoints like /xwiki/rest/wikis/xwiki/spaces/AnnotationCode/pages/AnnotationConfig/objects/AnnotationCode.AnnotationConfig/0/properties list all available pages as part of the metadata for database list properties, which can exhaust available resources on large wikis. Patches Thi...
GHSA-W4FJ-87J5-F25C XWiki has Reflected Cross-Site Scripting (XSS) in page history compare
Impact A reflected cross-site scripting vulnerability XSS in the compare view between revisions of a page allows executing JavaScript code in the user's browser. If the current user is an admin, this can not only affect the current user but also the confidentiality, integrity and availability of...
PT-2026-32970
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...
📄 XWiki Blog Cross Site Scripting
XWiki Blog versions prior to 9.15.7 suffer from a persistent cross site scripting vulnerability via the blog post title. CVE-2025-66024: XWiki Blog Application home page vulnerable to Stored XSS via Post Title Overview | Field | Details | |---|---| | CVE ID | CVE-2025-66024 | | Severity | HIGH | ...
Exploit for SQL Injection in Xwiki
No d...
Exploit for CVE-2025-66024
CVE-2025-66024: XWiki Blog Application home page vulnerable to...
CVE-2026-33229
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...
CVE-2026-33229
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...
EUVD-2026-20478
XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API...
XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API
Impact An improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integrity and availability of...
GHSA-H259-74H5-4RH9 XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API
Impact An improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integrity and availability of...
CVE-2026-33229
XWiki Platform is affected by a remote-code-execution vulnerability due to an improperly protected scripting API that lets users with script right bypass the Velocity sandbox and run arbitrary code (e.g., Python scripts). This can grant full access to the XWiki instance, compromising confidential...
CVE-2026-33229 XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...
CVE-2026-33229 XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...
CVE-2026-33229 XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...
XWiki Platform 安全漏洞
The XWiki Platform is an open-source wiki platform designed for creating web collaboration applications. Versions of the XWiki Platform prior to 17.4.8 and 17.10.1 contained security vulnerabilities. These vulnerabilities stemmed from inadequate protection of the script API, allowing users with...