Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CMS

XWikiplatform

XWiki is a free and Open source wiki software platform written in Java with a design emphasis on extensibility. XWiki is an enterprise wiki. It includes WYSIWYG editing OpenDocument-based document import/export annotations and tagging and advanced permissions management.

Official Site:

https://xwiki.com/

Severity Summary:

Critical: 31 High: 115 Medium: 94 Low: 5
Reference
Title
Severity
CVE-2023-37914
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2023-37462
XWiki Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection) Vulnerability
High
CVE-2023-29519
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2022-36091
XWiki Missing Authorization Vulnerability
High
CVE-2023-36470
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2023-50719
XWiki Cleartext Storage of Sensitive Information Vulnerability
High
CVE-2023-36468
XWiki Incomplete Cleanup Vulnerability
High
CVE-2023-29514
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2023-32069
XWiki Incorrect Authorization Vulnerability
High
CVE-2024-21648
XWiki Improper Handling of Insufficient Privileges Vulnerability
High
CVE-2023-29213
XWiki Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2023-29512
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2023-29523
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2023-29524
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2023-29525
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2023-29522
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2023-29527
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2023-50721
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2023-50722
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
High
CVE-2023-50723
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2022-41934
XWiki Improper Encoding or Escaping of Output Vulnerability
High
CVE-2022-36099
XWiki Improper Encoding or Escaping of Output Vulnerability
High
CVE-2022-36100
XWiki Improper Encoding or Escaping of Output Vulnerability
High
CVE-2023-29510
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2023-35166
XWiki Vulnerability
High
CVE-2023-29521
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2024-46978
XWikiplatform Other Vulnerability
Medium
CVE-2024-31985
XWikiplatform Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2023-40176
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2026-24128
XWikiplatform Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium