XWiki Security Vulnerabilities (CVEs)

Track 125 security vulnerabilities affecting XWiki products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

83 Critical
33 High
9 Medium
CVE-2023-29521 8.4

CVE-2023-29521 is a critical remote code execution vulnerability in XWiki Platform where any user with view rights can execute arbitrary Groovy, Pytho...

Apr 19, 2023
CVE-2023-29522 9.9

CVE-2023-29522 is a critical remote code execution vulnerability in XWiki Platform that allows any user with view rights to execute arbitrary script m...

Apr 19, 2023
CVE-2023-29213 9.0

CVE-2023-29213 is a server-side template injection vulnerability in XWiki Platform's logging UI component that allows remote code execution. Attackers...

Apr 17, 2023
CVE-2023-29508 8.9

This stored cross-site scripting (XSS) vulnerability in XWiki Commons allows users without script rights to inject malicious scripts via the Live Data...

Apr 16, 2023
CVE-2023-29509 9.9

This vulnerability allows any user with view rights on commonly accessible documents to execute arbitrary Groovy, Python, or Velocity code in XWiki, l...

Apr 16, 2023
CVE-2023-30537 9.9

CVE-2023-30537 is a critical remote code execution vulnerability in XWiki Platform that allows authenticated users with object creation rights to exec...

Apr 16, 2023
CVE-2023-29212 9.9

This vulnerability allows any user with edit rights in XWiki to execute arbitrary Groovy, Python, or Velocity code due to improper escaping in the inc...

Apr 16, 2023
CVE-2023-29507 9.1

This vulnerability in XWiki Commons allows attackers to manipulate document authorship through the Document script API, bypassing access controls. Thi...

Apr 16, 2023
CVE-2023-29209 9.9

CVE-2023-29209 is a critical remote code execution vulnerability in XWiki Commons that allows authenticated users with view rights to execute arbitrar...

Apr 15, 2023
CVE-2023-29205 9.9

This vulnerability allows any XWiki user to inject malicious scripts via the HTML macro, leading to cross-site scripting (XSS) attacks. It affects XWi...

Apr 15, 2023
CVE-2023-29207 8.9

This cross-site scripting (XSS) vulnerability in XWiki allows attackers to inject malicious JavaScript via column names in Livetable and Documents mac...

Apr 15, 2023
CVE-2023-29201 9.0

This vulnerability allows cross-site scripting (XSS) attacks in XWiki Commons' HTML cleaner restricted mode, which insufficiently filtered dangerous H...

Apr 15, 2023
CVE-2023-27479 9.9

CVE-2023-27479 is a critical remote code execution vulnerability in XWiki Platform where any user with view rights can execute arbitrary Groovy, Pytho...

Mar 7, 2023
CVE-2023-26476 7.5

This vulnerability in XWiki Platform allows attackers to deduce password field contents through repeated calls to LiveTableResults and WikisLiveTableR...

Mar 2, 2023
CVE-2023-26480 8.9

This CVE allows users without script rights to perform stored cross-site scripting (XSS) attacks via the Live Data macro in XWiki Platform. Attackers ...

Mar 2, 2023
CVE-2023-26477 10.0

This vulnerability allows remote code execution via injection of arbitrary wiki syntax including Groovy, Python, and Velocity script macros through th...

Mar 2, 2023
CVE-2022-29258 7.4

This CVE describes a cross-site scripting (XSS) vulnerability in XWiki Platform Filter UI that allows attackers to inject malicious scripts into form ...

May 31, 2022
CVE-2022-29251 7.4

This CVE describes a cross-site scripting (XSS) vulnerability in XWiki Platform's Flamingo Theme UI. Attackers can inject malicious scripts via the 'n...

May 25, 2022
CVE-2022-23622 7.4

This is a cross-site scripting (XSS) vulnerability in XWiki Platform that allows attackers to inject malicious scripts via the xredirect parameter in ...

Feb 9, 2022
CVE-2022-23616 8.8

CVE-2022-23616 allows unprivileged users to execute arbitrary code on XWiki Platform instances by injecting Groovy scripts into their profiles and tri...

Feb 9, 2022
CVE-2021-32732 7.5

This vulnerability in XWiki allows attackers to determine whether an email address has an associated user account and identify the corresponding usern...

Feb 4, 2022
CVE-2021-32621 8.8

This vulnerability allows authenticated users without Script or Programming rights to execute privileged scripts by editing gadget titles in XWiki Pla...

May 28, 2021
CVE-2021-29459 9.6

CVE-2021-29459 is a cross-site scripting (XSS) vulnerability in XWiki Platform that allows attackers to inject malicious scripts into text fields. Bot...

Apr 20, 2021
CVE-2021-21380 7.7

This vulnerability allows SQL injection in XWiki Platform's Ratings API for users with Script rights. Attackers can execute arbitrary SQL queries, pot...

Mar 23, 2021
CVE-2021-21379 7.7

This CVE allows privilege escalation in XWiki Platform where the {{wikimacrocontent}} executes content with wiki macro author rights instead of caller...

Mar 12, 2021

Why Monitor XWiki Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 125+ known vulnerabilities affecting XWiki products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable XWiki packages in under 60 seconds. No agents required - completely agentless scanning that works across XWiki deployments.

Free vulnerability database: Access detailed information about every XWiki CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
