Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CMS

XWikiplatform

XWiki is a free and Open source wiki software platform written in Java with a design emphasis on extensibility. XWiki is an enterprise wiki. It includes WYSIWYG editing OpenDocument-based document import/export annotations and tagging and advanced permissions management.

Official Site:

https://xwiki.com/

Severity Summary:

Critical: 31 High: 115 Medium: 94 Low: 5
Reference
Title
Severity
CVE-2023-29515
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-32729
XWiki Incorrect Permission Assignment for Critical Resource Vulnerability
Medium
CVE-2022-29258
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-29253
XWiki Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2022-29252
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2024-37900
XWikiplatform Improper Control of Generation of Code (Code Injection) Vulnerability
Medium
CVE-2024-37898
XWikiplatform Missing Authorization Vulnerability
Medium
CVE-2022-24820
XWiki Missing Authentication for Critical Function Vulnerability
Medium
CVE-2024-43400
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2005-4862
XWiki Credentials Management Errors Vulnerability
Medium
CVE-2006-7223
XWiki Permissions Privileges and Access Controls Vulnerability
Medium
CVE-2022-41935
XWiki Other Vulnerability
Medium
CVE-2010-4642
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2018-16277
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-3137
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-21379
XWiki Improper Preservation of Permissions Vulnerability
Medium
CVE-2022-24897
XWiki Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2021-29459
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-32730
XWiki Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2023-34464
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-15171
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Medium
CVE-2021-32732
XWiki Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2022-23616
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Medium
CVE-2022-23617
XWiki Missing Authorization Vulnerability
Medium
CVE-2022-23618
XWiki URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium
CVE-2022-23622
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-23615
XWiki Incorrect Authorization Vulnerability
Medium
CVE-2022-24819
XWiki Exposure of Private Personal Information to an Unauthorized Actor Vulnerability
Medium
CVE-2023-34466
XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2022-29251
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium