| CVE-2026-26000 |
unknown |
— |
— |
|
|
|
4mo ago |
XWiki vulnerable to click-jacking through CSS injection in comments |
| CVE-2023-45137 |
unknown |
— |
— |
|
|
|
3y ago |
XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages |
| CVE-2023-45135 |
unknown |
— |
— |
|
|
|
3y ago |
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title |
| CVE-2023-45134 |
unknown |
— |
— |
|
|
|
3y ago |
XWiki Platform XSS vulnerability from account in the create page form via template provider |
| CVE-2023-34464 |
unknown |
— |
— |
|
|
|
3y ago |
XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template |
| CVE-2023-29207 |
unknown |
— |
— |
|
|
|
3y ago |
Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro |
| CVE-2023-26473 |
unknown |
— |
— |
|
|
|
3y ago |
Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm |
| CVE-2022-36091 |
unknown |
— |
— |
|
|
|
4y ago |
XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor |
| CVE-2022-36093 |
unknown |
— |
— |
|
|
|
4y ago |
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard |
| CVE-2022-36094 |
unknown |
— |
— |
|
|
|
4y ago |
XWiki Platform Web Parent POM vulnerable to XSS in the attachment history |
| CVE-2022-24820 |
unknown |
— |
— |
|
|
|
4y ago |
Unauthenticated user can list hidden document from multiple velocity templates in XWiki |
| CVE-2020-13654 |
unknown |
— |
— |
|
|
|
4y ago |
Improper escaping in XWiki Platform |
| CVE-2022-23619 |
unknown |
— |
— |
|
|
|
4y ago |
Information exposure in xwiki-platform |
| CVE-2021-32731 |
unknown |
— |
— |
|
|
|
5y ago |
The reset password form reveal users email address |
| CVE-2021-29459 |
unknown |
— |
— |
|
|
|
5y ago |
XSS Cross Site Scripting |
