Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CMS

XWikiplatform

XWiki is a free and Open source wiki software platform written in Java with a design emphasis on extensibility. XWiki is an enterprise wiki. It includes WYSIWYG editing OpenDocument-based document import/export annotations and tagging and advanced permissions management.

Official Site:

https://xwiki.com/

Severity Summary:

Critical: 24 High: 101 Medium: 86 Low: 4
Reference
Title
Severity
CVE-2025-29926
XWikiplatform Missing Authorization Vulnerability
Critical
CVE-2023-46731
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
Critical
CVE-2023-37277
XWiki Cross-Site Request Forgery (CSRF) Vulnerability
Critical
CVE-2022-29161
XWiki Inadequate Encryption Strength Vulnerability
Critical
CVE-2022-36094
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Critical
CVE-2022-36098
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Critical
CVE-2022-36096
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Critical
CVE-2023-29201
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Critical
CVE-2023-29202
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Critical
CVE-2023-45134
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Critical
CVE-2023-45136
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Critical
CVE-2023-29207
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Critical
CVE-2024-31996
XWikiplatform Improper Control of Generation of Code (Code Injection) Vulnerability
Critical
CVE-2024-55663
XWikiplatform Improper Encoding or Escaping of Output Vulnerability
Critical
CVE-2023-27479
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Critical
CVE-2024-31982
XWikiplatform Improper Control of Generation of Code (Code Injection) Vulnerability
Critical
CVE-2023-26477
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
Critical
CVE-2025-24893
XWikiplatform Improper Control of Generation of Code (Code Injection) Vulnerability
Critical
CVE-2023-32071
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Critical
CVE-2023-31126
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Critical
CVE-2025-32974
XWikiplatform Improper Encoding or Escaping of Output Vulnerability
Critical
CVE-2025-32969
XWikiplatform Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2025-32973
XWikiplatform Missing Authorization Vulnerability
Critical
CVE-2024-21650
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
Critical
CVE-2023-29516
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2023-29209
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2023-27480
XWiki Improper Restriction of XML External Entity Reference Vulnerability
High
CVE-2023-29210
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2023-29509
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2023-26476
XWiki Improper Restriction of Excessive Authentication Attempts Vulnerability
High