Lucene search
K

3468 matches found

Nuclei
Nuclei
added yesterday7 views

XWiki DeleteApplication - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-milestone-1 through 16.10.9 and 17.0.0-rc-1 through 17.4.1 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates are vulnerable to a reflected XSS attack...

6.5CVSS7AI score0.00463EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday54 views

XWiki < 14.10.14 - Cross-Site Scripting

XWiki is vulnerable to reflected cross-site scripting RXSS via the rev parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name of the...

9.6CVSS6.9AI score0.02191EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday43 views

XWiki < 14.10.5 - Cross-Site Scripting

XWiki Platform is vulnerable to reflected XSS via the previewactions template. An attacker can inject JavaScript through the xcontinue parameter. id: CVE-2023-35162 info: name: XWiki 14.10.5 - Cross-Site Scripting author: ritikchaddha severity: medium description: | XWiki Platform is vulnerable t...

9.6CVSS6.4AI score0.02377EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday26 views

XWiki >= 13.10.8 - Cross-Site Scripting

Reflected XSS vulnerability in XWiki authenticate endpoints allows execution of arbitrary JavaScript. id: CVE-2023-29506 info: name: XWiki = 13.10.8 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Reflected XSS vulnerability in XWiki authenticate endpoints allows...

6.1CVSS6.7AI score0.01721EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday37 views

XWiki - Open Redirect

XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as //mydomain.com i.e. omitting the http:. It was also possible to bypass it when using URL...

6.1CVSS6.3AI score0.01756EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday187 views

XWiki >= 6.2-milestone-1 - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the DeleteApplication page to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.3AI score0.02377EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday29 views

XWiki - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. id: CVE-2023-35155 info: name: XWiki - Cross-Site Scripting author: ritikchaddha severity: medium...

8.8CVSS6.9AI score0.01496EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday43 views

XWiki < 12.10.11, 13.4.4 & 13.9-rc-1 - Information Disclosure

An unauthenticated user can retrieve a list of users and their full names through a publicly accessible URL in XWiki. The issue affects versions before 12.10.11, 13.4.4, and 13.9-rc-1. id: CVE-2022-24819 info: name: XWiki 12.10.11, 13.4.4 & 13.9-rc-1 - Information Disclosure author: ritikchaddha...

5.3CVSS6.2AI score0.03282EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday50 views

XWiki >= 2.5-milestone-2 - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.3AI score0.02268EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday51 views

XWiki >= 6.0-rc-1 - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.4AI score0.02081EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday69 views

XWiki >= 3.4-milestone-1 - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.4AI score0.02182EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday75 views

XWiki < 14.10.14 - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy disabled by default, XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflecte...

9.6CVSS7.3AI score0.05124EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday250 views

XWiki Platform - Remote Code Execution

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document SkinsCode.XWikiSkinsSheet leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute...

9.9CVSS7.9AI score0.91346EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday59 views

XWiki Platform - Information Disclosure

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. id: CVE-2025-55747 info: name: XWiki Platform - Information Disclosure author: Redmomn...

9.3CVSS7.2AI score0.01557EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday16 views

XWiki <= 17.3.0 - Server-Side Template Injection (SSTI)

XWiki = 17.3.0 contains a server-side template injection caused by improper validation of Apache Velocity template code in the Administration interface HTTP Meta Info field, letting authenticated administrators execute arbitrary template logic. id: CVE-2025-51991 info: name: XWiki = 17.3.0 -...

8.8CVSS7.4AI score0.03366EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday10 views

XWiki - Information Disclosure

XWiki 16.7.0 to 16.10.11, 17.4.4, and 17.7.0 using XJetty contains an information disclosure vulnerability caused by exposed context allowing static access to files in webapp/ folder, letting attackers access sensitive files, exploit requires use of XJetty package. id: CVE-2025-55749 info: name:...

8.7CVSS7AI score0.01378EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday37 views

XWiki Platform - Path Traversal

XWiki Platform 4.2-milestone-2 through 16.10.6 contains a path traversal caused by improper access control in jsx and sx endpoints, letting remote attackers read configuration files, exploit requires no special privileges. id: CVE-2025-55748 info: name: XWiki Platform - Path Traversal author:...

9.3CVSS7.1AI score0.01639EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday13 views

XWiki Platform Distribution Flavor Main - Cross-Site Scripting

XWiki Platform Distribution Flavor Main versions prior to 17.6.0 are vulnerable to reflected cross-site scripting XSS due to improper sanitization of user-supplied input in the extensionId parameter. An attacker can exploit this issue by injecting malicious JavaScript, which will be executed in t...

6.5CVSS6.9AI score0.00503EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday18 views

XWiki - Cross-Site Scripting

XWiki is vulnerable to reflected Cross-Site Scripting XSS via the viewer=changes endpoint. The rev2 parameter is not properly sanitised before being rendered in the response, allowing an attacker to inject arbitrary JavaScript. Affects XWiki versions prior to the patched release. id: CVE-2026-401...

6.5CVSS6.5AI score0.00549EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday13 views

XWiki Platform - Cross-Site Scripting

XWiki Platform versions = 4.2-milestone-3 and = 16.5.0-rc-1 and = 17.0.0-rc-1 and = 4.2-milestone-3 and = 16.5.0-rc-1 and = 17.0.0-rc-1 and 17.3.0-rc-1 are vulnerable to reflected XSS in two templates. The vulnerability allows an attacker to execute malicious JavaScript code in the context of the...

6.5CVSS7.3AI score0.00634EPSS
Exploits1References3
Rows per page
Query Builder