XWiki Exposure

Wikis
334 exposure score
39 sites using it
1 under exploitation
121 critical

CVEs

245 results

CVE-2022-41934 | CRITICAL | Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-menu-ui | EPSS 1.3%
CVE-2023-37912 | CRITICAL | XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro | EPSS 1.2%
CVE-2025-54125 | HIGH | XWiki Platform: Password and email exposure in xml.vm fields | EPSS 1.2%
CVE-2021-32731 | MEDIUM | The reset password form reveal users email address | EPSS 1.2%
CVE-2023-29214 | CRITICAL | org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability | EPSS 1.2%
CVE-2023-29212 | CRITICAL | xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability | EPSS 1.2%
CVE-2023-29210 | CRITICAL | org.xwiki.platform:xwiki-platform-notifications-ui Eval Injection vulnerability | EPSS 1.2%
CVE-2023-29211 | CRITICAL | org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability | EPSS 1.2%
CVE-2022-41931 | CRITICAL | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui | EPSS 1.2%
CVE-2023-50723 | CRITICAL | XWiki Platform remote code execution/programming rights with configuration section from any user account | EPSS 1.2%
CVE-2023-26055 | CRITICAL | XWiki Commons may allow privilege escalation to programming rights via user's first name | EPSS 1.2%
CVE-2023-29201 | CRITICAL | org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability | EPSS 1.2%
CVE-2023-29526 | CRITICAL | Async and display macro allow displaying and interacting with any document in restricted mode | EPSS 1.1%
CVE-2023-29209 | CRITICAL | org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability | EPSS 1.1%
CVE-2023-27479 | CRITICAL | Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-panels-ui | EPSS 1.1%
CVE-2023-29518 | CRITICAL | Code injection from view right using Invitation.InvitationCommon in xwiki-platform | EPSS 1.1%
CVE-2023-29512 | CRITICAL | Code injection in xwiki-platform-web-templates | EPSS 1.1%
CVE-2021-32620 | HIGH | Users registered with email verification can self re-activate their disabled accounts | EPSS 1.1%
CVE-2023-29521 | HIGH | Code injection from account/view through VFS Tree macro in xwiki-platform | EPSS 1.1%
CVE-2021-29459 | CRITICAL | XSS Cross Site Scripting | EPSS 1.1%
