XWiki Security Vulnerabilities (CVEs)

Track 125 security vulnerabilities affecting XWiki products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

83 Critical
33 High
9 Medium
CVE-2023-50732 8.3

This vulnerability in XWiki Platform allows attackers to execute Velocity scripts without proper script rights through the document tree. This affects...

Dec 21, 2023
CVE-2023-50723 9.9

This vulnerability in XWiki Platform allows any user who can edit a wiki page to gain programming rights through missing escaping in administration in...

Dec 15, 2023
CVE-2023-50721 9.9

This vulnerability in XWiki Platform allows authenticated users to inject malicious XWiki syntax containing script macros through the search administr...

Dec 15, 2023
CVE-2023-49280 7.7

This vulnerability in XWiki Change Request allows attackers with change request permissions to edit pages containing password fields and export the ch...

Dec 4, 2023
CVE-2023-48293 8.8

This CSRF vulnerability in XWiki Admin Tools allows attackers to execute arbitrary database queries when an admin user views malicious content. It aff...

Nov 20, 2023
CVE-2023-48240 9.0

This vulnerability in XWiki Platform allows attackers to steal login and session cookies via image embedding in rendered diffs, enabling user imperson...

Nov 20, 2023
CVE-2023-48292 9.6

This is a critical CSRF vulnerability in XWiki Admin Tools that allows attackers to execute arbitrary shell commands on the server by tricking adminis...

Nov 20, 2023
CVE-2023-46743 7.3

This vulnerability in XWiki's Collabora Online integration allows users with view-only permissions to gain edit access to documents when they open att...

Nov 9, 2023
CVE-2023-46243 9.9

This vulnerability in XWiki Platform allows authenticated users with edit rights to execute arbitrary Groovy code on the server by exploiting improper...

Nov 7, 2023
CVE-2023-46242 9.6

CVE-2023-46242 is a critical vulnerability in XWiki Platform that allows authenticated users with programming privileges to execute arbitrary content ...

Nov 7, 2023
CVE-2023-46731 10.0

CVE-2023-46731 is a critical remote code execution vulnerability in XWiki Platform where improper escaping of the section URL parameter allows attacke...

Nov 6, 2023
CVE-2023-45137 9.0

This is a stored cross-site scripting (XSS) vulnerability in XWiki Platform that allows attackers to inject malicious scripts into error messages when...

Oct 25, 2023
CVE-2023-45136 9.6

This vulnerability allows reflected cross-site scripting (XSS) in XWiki's page creation form when document name validation is enabled. An attacker can...

Oct 25, 2023
CVE-2023-45134 9.0

This is a stored cross-site scripting (XSS) vulnerability in XWiki Platform that allows attackers with user accounts to inject malicious JavaScript in...

Oct 25, 2023
CVE-2023-37908 9.0

CVE-2023-37908 is a cross-site scripting (XSS) vulnerability in XWiki Rendering that allows attackers to inject arbitrary HTML/JavaScript via maliciou...

Oct 25, 2023
CVE-2023-37910 8.1

This vulnerability in XWiki Platform allows attackers with edit access to any document (including default-editable user profiles) to move any attachme...

Oct 25, 2023
CVE-2023-37912 9.9

This vulnerability in XWiki's footnote macro allows privilege escalation from a standard user account to programming rights, leading to remote code ex...

Oct 25, 2023
CVE-2023-45144 10.0

This vulnerability in XWiki's Identity OAuth UI component allows attackers to inject malicious scripts and XWiki syntax via OAuth login parameters. Su...

Oct 16, 2023
CVE-2023-40572 9.0

CVE-2023-40572 is a Cross-Site Request Forgery (CSRF) vulnerability in XWiki Platform's create action that allows attackers to execute arbitrary scrip...

Aug 24, 2023
CVE-2023-40177 9.9

This vulnerability allows any registered user in XWiki Platform to execute arbitrary scripts with programming rights via their user profile content fi...

Aug 23, 2023
CVE-2023-40176 9.0

This stored XSS vulnerability in XWiki Platform allows any registered user to inject malicious JavaScript into their time zone preference, which execu...

Aug 23, 2023
CVE-2023-37914 9.9

This vulnerability allows any user with view access to the Invitation.WebHome page in XWiki Platform to execute arbitrary script macros, including Gro...

Aug 17, 2023
CVE-2023-37462 9.9

This vulnerability in XWiki Platform allows attackers with view rights on the SkinsCode.XWikiSkinsSheet document to escalate privileges to programming...

Jul 14, 2023
CVE-2023-37277 9.6

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in XWiki Platform's REST API that allows attackers to execute arbitrary code when...

Jul 10, 2023
CVE-2023-36477 9.0

This vulnerability allows any user with edit rights in XWiki Platform to edit all pages in the CKEditor space, enabling harmful actions like deleting ...

Jun 30, 2023
CVE-2023-36468 9.9

XWiki Platform retains vulnerable old document revisions after upgrades, allowing attackers to exploit previously fixed vulnerabilities by accessing s...

Jun 29, 2023
CVE-2023-36470 9.9

CVE-2023-36470 is a critical remote code execution vulnerability in XWiki Platform that allows attackers to inject and execute malicious code with pro...

Jun 29, 2023
CVE-2023-36471 9.0

XWiki Commons HTML sanitizer vulnerability allows attackers without script rights to create phishing forms or embed malicious inputs that could lead t...

Jun 29, 2023
CVE-2023-35155 8.8

This is a cross-site scripting (XSS) vulnerability in XWiki Platform that allows attackers to inject malicious JavaScript via specially crafted URLs. ...

Jun 23, 2023
CVE-2023-35156 9.6

This is a cross-site scripting (XSS) vulnerability in XWiki Platform that allows attackers to inject malicious JavaScript via specially crafted URLs. ...

Jun 23, 2023
CVE-2023-35158 9.6

This is a cross-site scripting (XSS) vulnerability in XWiki Platform that allows attackers to inject malicious JavaScript via specially crafted URLs. ...

Jun 23, 2023
CVE-2023-35160 9.6

This vulnerability allows attackers to inject malicious JavaScript into XWiki pages by crafting URLs with payloads in the resubmit template parameters...

Jun 23, 2023
CVE-2023-35162 9.6

This is a cross-site scripting (XSS) vulnerability in XWiki Platform that allows attackers to inject malicious JavaScript via specially crafted URLs. ...

Jun 23, 2023
CVE-2023-35153 9.0

This stored cross-site scripting (XSS) vulnerability in XWiki Platform allows users with edit rights to inject malicious scripts into wiki pages. When...

Jun 23, 2023
CVE-2023-34467 7.5

This vulnerability in XWiki Platform allows attackers to retrieve email addresses of all users even when mail obfuscation is enabled. While emails app...

Jun 23, 2023
CVE-2023-35150 9.9

This vulnerability allows any user with view rights on any document in XWiki Platform to execute arbitrary code with programming rights, leading to re...

Jun 23, 2023
CVE-2023-35152 9.9

This vulnerability allows any logged-in XWiki user to inject malicious code into their first name field, which executes with programming rights. This ...

Jun 23, 2023
CVE-2023-34465 9.9

This vulnerability allows any logged-in user in XWiki Platform to modify mail configuration settings, including viewing and editing SMTP credentials. ...

Jun 23, 2023
CVE-2023-34464 9.0

This stored cross-site scripting (XSS) vulnerability in XWiki Platform allows users with document editing permissions to inject malicious HTML code. W...

Jun 23, 2023
CVE-2023-35166 9.9

This vulnerability in XWiki Platform allows attackers to execute arbitrary wiki content with the privileges of the TipsPanel author by creating a mali...

Jun 20, 2023
CVE-2023-32070 9.0

This vulnerability in XWiki Platform allows attackers to inject malicious scripts through HTML attributes and link URLs, enabling cross-site scripting...

May 10, 2023
CVE-2023-32069 9.9

This CVE allows authenticated users in XWiki Platform to execute arbitrary code with the privileges of the XWiki.ClassSheet document author, potential...

May 9, 2023
CVE-2023-31126 9.0

This vulnerability in XWiki's XML library allows attackers to inject arbitrary HTML code through invalid data attributes, leading to cross-site script...

May 9, 2023
CVE-2023-29528 9.0

This vulnerability allows cross-site scripting (XSS) via invalid HTML comments in XWiki's restricted HTML cleaner mode. When exploited, it enables Jav...

Apr 20, 2023
CVE-2023-29524 9.9

This vulnerability allows authenticated users without script or programming rights to execute arbitrary Groovy code on XWiki servers by adding malicio...

Apr 19, 2023
CVE-2023-29526 9.9

This vulnerability in XWiki Platform allows attackers to bypass access controls and execute arbitrary code through specially crafted comments containi...

Apr 19, 2023
CVE-2023-29510 9.9

This vulnerability allows any user with edit access to at least one document (including their own profile by default) to inject malicious code through...

Apr 19, 2023
CVE-2023-29514 9.9

CVE-2023-29514 is a critical remote code execution vulnerability in XWiki Platform where any user with document edit rights can execute arbitrary code...

Apr 19, 2023
CVE-2023-29516 9.9

CVE-2023-29516 is a critical remote code execution vulnerability in XWiki Platform where any user with view rights on the XWiki.AttachmentSelector pag...

Apr 19, 2023
CVE-2023-29518 9.9

This vulnerability allows any user with view rights in XWiki Platform to execute arbitrary Groovy, Python, or Velocity code, leading to full compromis...

Apr 19, 2023

Why Monitor XWiki Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 125+ known vulnerabilities affecting XWiki products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable XWiki packages in under 60 seconds. No agents required - completely agentless scanning that works across XWiki deployments.

Free vulnerability database: Access detailed information about every XWiki CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
