9 matches found

RedhatCVE
added 2025/12/08 6:11 p.m., 4 views

CVE-2025-55749

XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contain credentials...

CVSS 8.7, AI score 6.9, EPSS 0.01378
Exploits: 0, References: 1
Vulnrichment
added 2025/12/01 8:9 p.m., 2 views

CVE-2025-55749 The XWiki Jetty package (XJetty) allows accessing any application file through URL

XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contain credentials...

CVSS 8.7, AI score 6.5, EPSS 0.01378
Exploits: 0, References: 5
OSV
added 2025/12/01 8:9 p.m., 4 views

CVE-2025-55749 The XWiki Jetty package (XJetty) allows accessing any application file through URL

XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contain credentials...

CVSS 8.7, AI score 6.8, EPSS 0.01378
Exploits: 0, References: 7
CVE
added 2025/12/01 8:9 p.m., 44 views

CVE-2025-55749

XWiki Jetty package (XJetty) exposes a context that allows static access to files under webapp/, leading to information disclosure of potentially credential-bearing files. Affected versions are 16.7.0–16.10.11, 17.4.4, and 17.7.0. The issue is fixed in 16.10.11, 17.4.4, and 17.7.0. Connected data...

CVSS 8.7, AI score 6.5, EPSS 0.01378
In wild, Exploits: 0, References: 5, Affected Software: 1
EUVD
added 2025/12/01 8:9 p.m., 6 views

EUVD-2025-200075

XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contain credentials...

CVSS 8.7, AI score 6.4, EPSS 0.01378
Exploits: 0, References: 6
Github Security Blog
added 2025/12/01 6:59 p.m., 9 views

XWiki Jetty Package (XJetty) allows accessing any application file through URL

Impact: In an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contain credentials, like http://myhots/webapps/xwiki/WEB-INF/xwiki.cfg,...

CVSS 8.7, AI score 7, EPSS 0.01378
Exploits: 0, References: 7, Affected Software: 1
Positive Technologies
added 2025/08/06 12:0 a.m., 5 views

PT-2025-48545

Name of the Vulnerable Software and Affected Versions: XWiki versions 16.7.0 through 16.10.11; XWiki versions 17.4.0 through 17.4.4; XWiki version 17.7.0. Description: XWiki, an open-source wiki software platform, has an issue where the XWiki Jetty package XJetty exposes a context allowing static acce...

CVSS 8.7, AI score 5.3, EPSS 0.01378
Exploits: 0, References: 15
Check Point Advisories
added 2020/12/22 12:0 a.m., 9 views

Apache Tapestry Information Disclosure (CVE-2020-13953)

An information disclosure vulnerability exists in Apache Tapestry. This vulnerability is due to URL manipulation that allows Java webapp files inside WEB-INF to be listed and downloaded...

CVSS 5, AI score 1.7, EPSS 0.02619
Exploits: 0
Veracode
added 2020/10/01 6:38 a.m., 24 views

Information Disclosure

tapestry-core is vulnerable to information disclosure. Mishandling of the URL allows an attacker to use a malicious URL to list and download the Java webapp files from WEB-INF of the WAR being run...

CVSS 5.3, AI score 1.6, EPSS 0.02619
Exploits: 0, References: 4, Affected Software: 1