| CVE-2024-41947 |
unknown |
— |
1.0 |
|
|
|
2y ago |
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution |
| CVE-2026-40105 |
unknown |
— |
— |
|
|
|
2mo ago |
XWiki has Reflected Cross-Site Scripting (XSS) in page history compare |
| CVE-2026-24128 |
unknown |
— |
— |
|
|
|
4mo ago |
XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages |
| CVE-2025-66472 |
unknown |
— |
— |
|
|
|
6mo ago |
XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication |
| CVE-2025-32430 |
unknown |
— |
— |
|
|
|
10mo ago |
XWiki allows Reflected XSS in two templates |
| CVE-2024-43401 |
unknown |
— |
— |
|
|
|
2y ago |
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them |
| CVE-2023-45137 |
unknown |
— |
— |
|
|
|
3y ago |
XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages |
| CVE-2023-45136 |
unknown |
— |
— |
|
|
|
3y ago |
XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled |
| CVE-2023-45135 |
unknown |
— |
— |
|
|
|
3y ago |
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title |
| CVE-2023-45134 |
unknown |
— |
— |
|
|
|
3y ago |
XWiki Platform XSS vulnerability from account in the create page form via template provider |
| CVE-2023-40176 |
unknown |
— |
— |
|
|
|
3y ago |
XWiki Platform Stored Cross-site Scripting in the user profile via the timezone displayer |
| CVE-2023-35160 |
unknown |
— |
— |
|
|
|
3y ago |
XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template |
| CVE-2023-35159 |
unknown |
— |
— |
|
|
|
3y ago |
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template |
| CVE-2023-34464 |
unknown |
— |
— |
|
|
|
3y ago |
XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template |
| CVE-2023-29513 |
unknown |
— |
— |
|
|
|
3y ago |
xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro |
| CVE-2023-29512 |
unknown |
— |
— |
|
|
|
3y ago |
xwiki-platform-web-templates vulnerable to Eval Injection |
| CVE-2023-29207 |
unknown |
— |
— |
|
|
|
3y ago |
Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro |
| CVE-2023-29203 |
unknown |
— |
— |
|
|
|
3y ago |
Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm |
| CVE-2022-36095 |
unknown |
— |
— |
|
|
|
4y ago |
XWiki Cross-Site Request Forgery (CSRF) for actions on tags |
| CVE-2022-36091 |
unknown |
— |
— |
|
|
|
4y ago |
XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor |
| CVE-2022-36093 |
unknown |
— |
— |
|
|
|
4y ago |
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard |
| CVE-2022-24819 |
unknown |
— |
— |
|
|
|
4y ago |
Unauthenticated user can retrieve the list of users through uorgsuggest.vm |
| CVE-2022-23622 |
unknown |
— |
— |
|
|
|
4y ago |
Cross site scripting in registration template in xwiki-platform |