Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CMS

XWikiplatform

XWiki is a free and Open source wiki software platform written in Java with a design emphasis on extensibility. XWiki is an enterprise wiki. It includes WYSIWYG editing OpenDocument-based document import/export annotations and tagging and advanced permissions management.

Official Site:

https://xwiki.com/

Severity Summary:

Critical: 24 High: 101 Medium: 86 Low: 4
Reference
Title
Severity
CVE-2024-31985
XWikiplatform Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2021-32732
XWiki Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2023-45137
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-26480
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2024-31464
XWikiplatform Use of Password Hash With Insufficient Computational Effort Vulnerability
Medium
CVE-2023-26479
XWiki Improper Handling of Exceptional Conditions Vulnerability
Medium
CVE-2024-45591
XWikiplatform Missing Authorization Vulnerability
Medium
CVE-2020-15171
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Medium
CVE-2022-29251
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-32621
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
Medium
CVE-2023-29506
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-24897
XWiki Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2023-34464
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-34466
XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2023-35162
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-35161
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-35160
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-29508
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-35159
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-35158
XWiki Improper Neutralization of Alternate XSS Syntax Vulnerability
Medium
CVE-2023-35155
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-35153
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-24820
XWiki Missing Authentication for Critical Function Vulnerability
Medium
CVE-2023-29203
XWiki Exposure of Resource to Wrong Sphere Vulnerability
Medium
CVE-2023-29204
XWiki URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium
CVE-2023-29205
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-35156
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-35157
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-29515
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-29520
XWiki Improper Handling of Exceptional Conditions Vulnerability
Medium