Vulnerabilities in xwiki
245 results

CVE-2025-24893 | CRITICAL | Remote code execution as guest via SolrSearchMacros request in xwiki | EPSS 99.9% | KEV
CVE-2024-21650 | CRITICAL | XWiki Remote Code Execution vulnerability via user registration | EPSS 93.5%
CVE-2023-37462 | CRITICAL | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-skin-ui | EPSS 91.3%
CVE-2023-46731 | CRITICAL | Remote code execution through the section parameter in Administration as guest in XWiki Platform | EPSS 88.5%
CVE-2025-32429 | CRITICAL | XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter | EPSS 84.6%
CVE-2023-50719 | HIGH | XWiki Platform Solr search discloses password hashes of all users | EPSS 83.5%
CVE-2024-31984 | CRITICAL | XWiki Platform: Remote code execution through space title and Solr space facet | EPSS 83.0%
CVE-2023-36469 | CRITICAL | Code injection through NotificationRSSService in XWiki Platform | EPSS 82.7%
CVE-2025-32969 | CRITICAL | org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API | EPSS 79.5%
CVE-2023-40176 | CRITICAL | SXSS in the user profile via the timezone displayer | EPSS 78.9%
CVE-2023-50721 | CRITICAL | XWiki Platform RCE from account through SearchAdmin | EPSS 78.8%
CVE-2023-29525 | CRITICAL | Privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration in xwiki-platform | EPSS 77.8%
CVE-2023-35150 | CRITICAL | XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application | EPSS 77.7%
CVE-2023-29524 | CRITICAL | Code injection from account through XWiki.SchedulerJobSheet in xwiki-platform | EPSS 76.3%
CVE-2023-29509 | CRITICAL | org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability | EPSS 76.3%
CVE-2022-36099 | CRITICAL | XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability | EPSS 75.9%
CVE-2024-31465 | CRITICAL | XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet | EPSS 75.6%
CVE-2023-26477 | CRITICAL | org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability | EPSS 74.8%
CVE-2024-31997 | CRITICAL | XWiki Platform remote code execution from account through UIExtension parameters | EPSS 73.9%
CVE-2022-36100 | CRITICAL | XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection | EPSS 73.6%