Search
Total
58 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3137 | 1 Xwiki | 1 Xwiki | 2021-01-22 | 3.5 LOW | 5.4 MEDIUM |
| XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section. | |||||
| CVE-2018-16277 | 1 Xwiki | 1 Xwiki | 2018-11-15 | 3.5 LOW | 5.4 MEDIUM |
| The Image Import function in XWiki through 10.7 has XSS. | |||||
| CVE-2010-4642 | 1 Xwiki | 1 Xwiki | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4641 | 1 Xwiki | 1 Xwiki | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-4898 | 1 Xwiki | 1 Xwiki | 2008-11-15 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1 Enterprise RC2 allows remote authenticated users, with administrative access to one wiki in a multiwiki environment, to obtain sensitive information via unknown attack vectors. NOTE: Some of these details are obtained from third party information. | |||||
| CVE-2007-4888 | 1 Xwiki | 1 Xwiki | 2008-11-15 | 3.5 LOW | N/A |
| The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribute of the doc variable. | |||||
| CVE-2006-7223 | 1 Xwiki | 1 Xwiki | 2008-09-05 | 6.5 MEDIUM | N/A |
| PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document. | |||||
| CVE-2005-4862 | 1 Xwiki | 1 Xwiki | 2008-09-05 | 5.0 MEDIUM | N/A |
| The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password. | |||||