Exposure of XWiki
Wikis

334 exposure score
39 sites use
1 exploited
121 critical

CVEs
245 results

CVE-2024-37898 | MEDIUM | XWiki Platform vulnerable to document deletion and overwrite from edit | EPSS 0.4%
CVE-2025-54124 | HIGH | XWiki Platform: Any user with editing rights can access password properties through Database List Properties | EPSS 0.4%
CVE-2025-23025 | CRITICAL | Privilege escalation (PR) through realtime WYSIWYG editing in XWiki | EPSS 0.4%
CVE-2025-32972 | LOW | The lesscss script service allows cache clearing without programming right | EPSS 0.4%
CVE-2023-46242 | CRITICAL | Code injection in XWiki Platform | EPSS 0.4%
CVE-2022-29161 | MEDIUM | Crypto script service uses hashing algorithm SHA1 with RSA for certificate signature in xwiki-platform | EPSS 0.4%
CVE-2024-31464 | MEDIUM | XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted | EPSS 0.4%
CVE-2025-49584 | HIGH | XWiki makes title of inaccessible pages available through the class property values REST API | EPSS 0.4%
CVE-2025-29924 | HIGH | XWiki uses the wrong wiki reference in AuthorizationManager | EPSS 0.4%
CVE-2025-49580 | HIGH | XWiki allows privilege escalation through link refactoring | EPSS 0.4%
CVE-2025-49585 | HIGH | XWiki does not require right warnings for XClass definitions | EPSS 0.4%
CVE-2025-49587 | MEDIUM | XWiki does not require right warnings for notification displayer objects | EPSS 0.4%
CVE-2024-38369 | CRITICAL | XWiki programming rights may be inherited by inclusion | EPSS 0.3%
CVE-2025-58049 | MEDIUM | XWiki PDF export jobs store sensitive cookies unencrypted in job statuses | EPSS 0.3%
CVE-2025-66473 | HIGH | XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis | EPSS 0.3%
CVE-2025-53835 | CRITICAL | XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax | EPSS 0.3%
CVE-2025-32973 | CRITICAL | org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right | EPSS 0.3%
CVE-2022-36095 | MEDIUM | XWiki Cross-Site Request Forgery (CSRF) for actions on tags | EPSS 0.3%
CVE-2025-32971 | LOW | XWiki Solr script service doesn't take dropped programming right into account | EPSS 0.3%
CVE-2024-31985 | MEDIUM | XWiki Platform CSRF in the job scheduler | EPSS 0.3%