National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): xwiki
There are 11 matching records.
Vuln ID Summary CVSS Severity
CVE-2019-15302

The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a trivial URL modification.

Published: September 11, 2019; 05:15:11 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 5.5 MEDIUM
CVE-2018-16277

The Image Import function in XWiki through 10.7 has XSS.

Published: September 27, 2018; 08:29:01 PM -04:00
V3.0: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2017-1000051

Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content

Published: July 17, 2017; 09:18:17 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2012-1019

Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bin/commentadd/Main/WebHome, (2) XWiki.XWikiUsers_0_company parameter when editing a user profile, or (3) projectVersion parameter to xwiki/bin/view/DownloadCode/DownloadFeedback. NOTE: some of these details are obtained from third party information.

Published: February 07, 2012; 07:55:01 PM -05:00
    V2: 4.3 MEDIUM
CVE-2010-4642

Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: December 30, 2010; 04:00:06 PM -05:00
    V2: 4.3 MEDIUM
CVE-2010-4641

SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: December 30, 2010; 04:00:06 PM -05:00
    V2: 7.5 HIGH
CVE-2010-4640

Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 allow remote attackers to inject arbitrary web script or HTML via the rev parameter to (1) bin/viewrev/Main/WebHome and (2) bin/view/Blog, and the (3) register_first_name and (4) register_last_name parameters to bin/register/XWiki/Register. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: December 30, 2010; 04:00:06 PM -05:00
    V2: 4.3 MEDIUM
CVE-2007-4898

Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1 Enterprise RC2 allows remote authenticated users, with administrative access to one wiki in a multiwiki environment, to obtain sensitive information via unknown attack vectors. NOTE: Some of these details are obtained from third party information.

Published: September 14, 2007; 02:17:00 PM -04:00
    V2: 2.1 LOW
CVE-2006-7223

PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document.

Published: September 13, 2007; 08:17:00 PM -04:00
    V2: 6.5 MEDIUM
CVE-2007-4888

The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribute of the doc variable.

Published: September 13, 2007; 08:17:00 PM -04:00
    V2: 3.5 LOW
CVE-2005-4862

The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password.

Published: December 31, 2005; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM