Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CMS

XWikiplatform

XWiki is a free and Open source wiki software platform written in Java with a design emphasis on extensibility. XWiki is an enterprise wiki. It includes WYSIWYG editing OpenDocument-based document import/export annotations and tagging and advanced permissions management.

Official Site:

https://xwiki.com/

Severity Summary:

Critical: 31 High: 115 Medium: 94 Low: 5
Reference
Title
Severity
CVE-2024-46979
XWikiplatform Other Vulnerability
Medium
CVE-2022-23621
XWiki Files or Directories Accessible to External Parties Vulnerability
Medium
CVE-2025-66472
XWikiplatform Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-51990
XWikiplatform Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-41933
XWiki Insufficiently Protected Credentials Vulnerability
Medium
CVE-2024-31464
XWikiplatform Use of Password Hash With Insufficient Computational Effort Vulnerability
Medium
CVE-2023-36477
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-41932
XWiki Allocation of Resources Without Limits or Throttling Vulnerability
Medium
CVE-2026-26000
XWikiplatform Improper Restriction of Rendered UI Layers or Frames Vulnerability
Medium
CVE-2024-38369
XWiki Incorrect Authorization Vulnerability
Medium
CVE-2025-32430
XWikiplatform Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-41046
XWiki Missing Authorization Vulnerability
Medium
CVE-2025-32972
XWikiplatform Vulnerability
Medium
CVE-2023-50720
XWiki Vulnerability
Medium
CVE-2025-54124
XWikiplatform Exposure of Private Personal Information to an Unauthorized Actor Vulnerability
Medium
CVE-2023-46732
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-45137
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-26480
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-26479
XWiki Improper Handling of Exceptional Conditions Vulnerability
Medium
CVE-2023-50732
XWiki Incorrect Authorization Vulnerability
Medium
CVE-2025-32970
XWikiplatform URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium
CVE-2024-55876
XWikiplatform Missing Authorization Vulnerability
Medium
CVE-2023-37911
XWiki Exposure of Resource to Wrong Sphere Vulnerability
Medium
CVE-2025-46554
XWikiplatform Missing Authorization Vulnerability
Medium
CVE-2025-32783
XWikiplatform Other Vulnerability
Medium
CVE-2025-29925
XWikiplatform Other Vulnerability
Medium
CVE-2024-21651
XWiki Uncontrolled Resource Consumption Vulnerability
Medium
CVE-2021-32621
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
Medium
CVE-2023-29206
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-54125
XWikiplatform Exposure of Private Personal Information to an Unauthorized Actor Vulnerability
Medium