CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by a user without programming rights and...

9CVSS0.00577EPSS

Exploits1References3

BDU FSTEC•added 2025/03/26 12:0 a.m.•1 views

The vulnerability of the org.xwiki.platform:xwiki-platform-security-authorization-api component of the XWiki Platform, a platform for creating collaborative web applications. This vulnerability allows an attacker to gain unauthorized access to protected information.

The vulnerability of the org.xwiki.platform:xwiki-platform-security-authorization-api component of the XWiki Platform lies in the insecure management of privileges. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

7.8CVSS5.4AI score0.0034EPSS

Exploits0References4Affected Software1

CVE•added 2025/03/19 5:36 p.m.•96 views

CVE-2025-29925

XWiki Platform REST API vulnerability CVE-2025-29925: the /rest/wikis/[wikiName]/pages endpoint could disclose information about protected/private pages to unauthenticated users before fixes. The issue occurs because the endpoint listed pages even when the user had no view rights, notably when th...

8.7CVSS6.3AI score0.01149EPSS

In wildExploits1References5Affected Software1

RedhatCVE•added 2025/02/05 8:33 p.m.•12 views

CVE-2022-31166

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Starting in versions 11.3.7, 11.0.3, and 12.0RC1, it is possible to exploit a bug in XWikiRights resolution of groups to obtain privilege escalation. More specifically, editing a right with the object editor...

8.8CVSS6.5AI score0.01997EPSS

Exploits1References1

Vulnrichment•added 2024/12/12 6:53 p.m.•13 views

CVE-2024-55663 XWiki Platform has an SQL injection in getdocuments.vm with sort parameter

XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in getdocument.vm; the ordering of the returned documents is defined from an unsanitized request parameter request.sort and can allow any user to inject HQL. Depending on th...

8.6CVSS6.4AI score0.01904EPSS

Exploits0References3

Vulnrichment•added 2023/10/25 5:17 p.m.•14 views

CVE-2023-37910 org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any document can be the use...

8.1CVSS6.7AI score0.00574EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by