Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CMS

XWikiplatform

XWiki is a free and Open source wiki software platform written in Java with a design emphasis on extensibility. XWiki is an enterprise wiki. It includes WYSIWYG editing OpenDocument-based document import/export annotations and tagging and advanced permissions management.

Official Site:

https://xwiki.com/

Severity Summary:

Critical: 31 High: 115 Medium: 94 Low: 5
Reference
Title
Severity
CVE-2025-49585
XWikiplatform Insufficient UI Warning of Dangerous Operations Vulnerability
High
CVE-2025-29924
XWikiplatform Incorrect Authorization Vulnerability
High
CVE-2025-23025
XWikiplatform Missing Authorization Vulnerability
High
CVE-2025-48063
XWikiplatform Vulnerability
High
CVE-2025-53836
XWikiplatform Incorrect Authorization Vulnerability
High
CVE-2025-58049
XWikiplatform Improper Removal of Sensitive Information Before Storage or Transfer Vulnerability
High
CVE-2025-49587
XWikiplatform Insufficient UI Warning of Dangerous Operations Vulnerability
High
CVE-2025-49584
XWikiplatform Insertion of Sensitive Information Into Sent Data Vulnerability
High
CVE-2024-55877
XWikiplatform Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2025-49582
XWikiplatform Insufficient UI Warning of Dangerous Operations Vulnerability
High
CVE-2025-49581
XWikiplatform Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2025-49580
XWikiplatform Incorrect Privilege Assignment Vulnerability
High
CVE-2025-49586
XWikiplatform Incorrect Authorization Vulnerability
High
CVE-2025-55748
XWikiplatform Relative Path Traversal Vulnerability
High
CVE-2025-51991
XWikiplatform Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2025-66473
XWikiplatform Allocation of Resources Without Limits or Throttling Vulnerability
High
CVE-2024-55879
XWikiplatform Missing Authorization Vulnerability
High
CVE-2024-55662
XWikiplatform Incorrect Authorization Vulnerability
High
CVE-2022-23619
XWiki Weak Password Recovery Mechanism for Forgotten Password Vulnerability
High
CVE-2024-31988
XWikiplatform Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2020-15252
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2021-21380
XWiki Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2010-4641
XWiki Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2024-43401
XWiki Missing Authorization Vulnerability
High
CVE-2024-37901
XWikiplatform Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2024-31997
XWikiplatform Missing Authorization Vulnerability
High
CVE-2024-31465
XWikiplatform Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2025-32968
XWikiplatform Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2023-29517
XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
High
CVE-2024-31981
XWikiplatform Missing Authorization Vulnerability
High