CRITICAL 10.0 CVE-2024-21650 XWiki Remote Code Execution Vulnerability via User Registration
>= 2.2, < 14.10.17
CRITICAL 10.0 CVE-2023-46731 XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest
from 0, < 14.10.14
CRITICAL 9.9 CVE-2023-50723 Remote code execution/programming rights with configuration section from any user account
>= 2.3, < 14.10.15
CRITICAL 9.9 XWiki vulnerable to Code Injection in template provider administration
>= 4.2-milestone-1, < 13.10.11
CRITICAL 9.9 Code injection via unescaped translations in xwiki-platform
>= 4.3-milestone-2, < 14.10.2
CRITICAL 9.9 xwiki-platform-administration-ui vulnerable to privilege escalation
>= 1.5M2, < 13.10.11
CRITICAL 9.6 XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass
>= 2.3, < 14.10.15
CRITICAL 9.1 XWiki allows RCE from script right in configurable sections
>= 2.3, < 15.10.9
HIGH 8.8 Remote code execution in xwiki-platform
>= 3.1-milestone-1, < 13.1RC1
HIGH 7.5 Cross-Site Request Forgery in xwiki-platform
from 0, < 12.10.5
MEDIUM 5.7 No CSRF protection on the password change form
from 0, < 12.10.5