Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

CMS

XWikiplatform

XWiki is a free and Open source wiki software platform written in Java with a design emphasis on extensibility. XWiki is an enterprise wiki. It includes WYSIWYG editing OpenDocument-based document import/export annotations and tagging and advanced permissions management.

Official Site:

https://xwiki.com/

Severity Summary:

Critical: 24 High: 102 Medium: 86 Low: 4
Reference
Title
Severity
CVE-2022-41928
XWiki Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection) Vulnerability
High
CVE-2022-41931
XWiki Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection) Vulnerability
High
CVE-2023-29212
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2023-26471
XWiki Vulnerability
High
CVE-2010-4641
XWiki Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2023-26472
XWiki Improper Encoding or Escaping of Output Vulnerability
High
CVE-2023-26474
XWiki Vulnerability
High
CVE-2023-26475
XWiki Improper Privilege Management Vulnerability
High
CVE-2023-26476
XWiki Improper Restriction of Excessive Authentication Attempts Vulnerability
High
CVE-2023-27480
XWiki Improper Restriction of XML External Entity Reference Vulnerability
High
CVE-2023-29509
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2024-31997
XWikiplatform Missing Authorization Vulnerability
High
CVE-2023-29209
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2023-29208
XWiki Exposure of Resource to Wrong Sphere Vulnerability
High
CVE-2023-29211
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2023-29210
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2022-41934
XWiki Improper Encoding or Escaping of Output Vulnerability
High
CVE-2024-55877
XWikiplatform Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2024-55879
XWikiplatform Missing Authorization Vulnerability
High
CVE-2025-32968
XWikiplatform Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2024-55662
XWikiplatform Incorrect Authorization Vulnerability
High
CVE-2023-50719
XWiki Cleartext Storage of Sensitive Information Vulnerability
High
CVE-2022-36091
XWiki Missing Authorization Vulnerability
High
CVE-2023-37462
XWiki Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection) Vulnerability
High
CVE-2023-37914
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2023-40177
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2023-48240
XWiki Server-Side Request Forgery (SSRF) Vulnerability
High
CVE-2023-40572
XWiki Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2023-40573
XWiki Vulnerability
High
CVE-2025-29924
XWikiplatform Incorrect Authorization Vulnerability
High