Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CMS

XWikiplatform

XWiki is a free and Open source wiki software platform written in Java with a design emphasis on extensibility. XWiki is an enterprise wiki. It includes WYSIWYG editing OpenDocument-based document import/export annotations and tagging and advanced permissions management.

Official Site:

https://xwiki.com/

Severity Summary:

Critical: 32 High: 116 Medium: 95 Low: 5
Reference
Title
Severity
CVE-2024-21648
XWiki Improper Handling of Insufficient Privileges Vulnerability
High
CVE-2023-36470
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2023-40177
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2023-36468
XWiki Incomplete Cleanup Vulnerability
High
CVE-2023-35150
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2022-41934
XWiki Improper Encoding or Escaping of Output Vulnerability
High
CVE-2022-36099
XWiki Improper Encoding or Escaping of Output Vulnerability
High
CVE-2022-36100
XWiki Improper Encoding or Escaping of Output Vulnerability
High
CVE-2023-29527
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2023-35166
XWiki Vulnerability
High
CVE-2023-29525
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2025-49580
XWikiplatform Incorrect Privilege Assignment Vulnerability
High
CVE-2023-29524
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2023-35152
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2025-48063
XWikiplatform Vulnerability
High
CVE-2025-53836
XWikiplatform Incorrect Authorization Vulnerability
High
CVE-2023-32069
XWiki Incorrect Authorization Vulnerability
High
CVE-2023-35151
XWiki Exposure of Resource to Wrong Sphere Vulnerability
High
CVE-2025-58049
XWikiplatform Improper Removal of Sensitive Information Before Storage or Transfer Vulnerability
High
CVE-2023-34467
XWiki Exposure of Resource to Wrong Sphere Vulnerability
High
CVE-2023-29213
XWiki Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2025-49581
XWikiplatform Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2025-49582
XWikiplatform Insufficient UI Warning of Dangerous Operations Vulnerability
High
CVE-2023-34465
XWiki Improper Privilege Management Vulnerability
High
CVE-2025-49584
XWikiplatform Insertion of Sensitive Information Into Sent Data Vulnerability
High
CVE-2025-49587
XWikiplatform Insufficient UI Warning of Dangerous Operations Vulnerability
High
CVE-2025-49585
XWikiplatform Insufficient UI Warning of Dangerous Operations Vulnerability
High
CVE-2025-23025
XWikiplatform Missing Authorization Vulnerability
High
CVE-2024-45591
XWikiplatform Missing Authorization Vulnerability
Medium
CVE-2005-4862
XWiki Credentials Management Errors Vulnerability
Medium