XWiki Exposure
Wikis
334 exposure score
39 sites use it
1 being exploited
121 critical
CVEs
245 results
CVE-2025-53836 | CRITICAL | XWiki Rendering is vulnerable to RCE attacks when processing nested macros | EPSS 0.5%
CVE-2024-46978 | MEDIUM | Missing checks for notification filter preferences editions in XWiki Platform | EPSS 0.5%
CVE-2022-41932 | HIGH | Creation of new database tables through login form on PostgreSQL | EPSS 0.5%
CVE-2025-32970 | MEDIUM | org.xwiki.platform:xwiki-platform-wysiwyg-api Open Redirect vulnerability | EPSS 0.5%
CVE-2024-21648 | HIGH | XWiki has no right protection on rollback action | EPSS 0.5%
CVE-2026-24128 | MEDIUM | XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages | EPSS 0.5%
CVE-2021-32729 | LOW | A user without PR can reset user authentication failures information | EPSS 0.5%
CVE-2023-50732 | HIGH | Velocity execution without script right through tree macro | EPSS 0.5%
CVE-2025-46557 | HIGH | Any user with view access to the XWiki space can change the authenticator | EPSS 0.5%
CVE-2025-49581 | HIGH | XWiki allows remote code execution through default value of wiki macro wiki-type parameters | EPSS 0.5%
CVE-2025-66472 | MEDIUM | XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication | EPSS 0.5%
CVE-2024-43400 | CRITICAL | XWiki Platform allows XSS through XClass name in string properties | EPSS 0.5%
CVE-2021-21379 | HIGH | It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro | EPSS 0.5%
CVE-2022-41933 | MEDIUM | Plaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default | EPSS 0.4%
CVE-2025-32968 | HIGH | org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API | EPSS 0.4%
CVE-2023-41046 | MEDIUM | Velocity execution without script rights in Xwiki platform | EPSS 0.4%
CVE-2023-29213 | CRITICAL | org.xwiki.platform:xwiki-platform-logging-ui Injection vulnerability | EPSS 0.4%
CVE-2024-56158 | CRITICAL | XWiki allows SQL injection in query endpoint of REST API with Oracle | EPSS 0.4%
CVE-2023-29508 | HIGH | org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Cross-site Scripting | EPSS 0.4%
CVE-2026-40104 | MEDIUM | XWiki's REST APIs can list all pages/spaces, leading to unavailability | EPSS 0.4%