org.xwiki.platform:xwiki-platform-oldcore vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-34151Highorg.xwiki.platform:xwiki-platform-oldcore: XWiki Platform Old Core: Resource path traversal via /skin/ action endpoint in Jetty 12+CVE-2026-40104Mediumorg.xwiki.platform:xwiki-platform-oldcore: XWiki's REST APIs can list all pages/spaces, leading to unavailabilityCVE-2026-33229Highorg.xwiki.platform:xwiki-platform-oldcore: XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting APICVE-2025-54125Highorg.xwiki.platform:xwiki-platform-oldcore: XWiki exposes passwords and emails stored in fields not named password/email in xml.vmCVE-2025-54124Highorg.xwiki.platform:xwiki-platform-oldcore: XWiki leaks password hashes and other accessible password propertiesCVE-2025-54385Highorg.xwiki.platform:xwiki-platform-oldcore: XWiki Platform vulnerable to SQL injection through XWiki#searchDocuments APICVE-2025-49586Highorg.xwiki.platform:xwiki-platform-oldcore: XWiki allows remote code execution through preview of XClass changes in AWM editorCVE-2024-56158Criticalorg.xwiki.platform:xwiki-platform-oldcore: XWiki allows SQL injection in query endpoint of REST API with OracleCVE-2025-32968Highorg.xwiki.platform:xwiki-platform-oldcore: org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query APICVE-2024-43400Criticalorg.xwiki.platform:xwiki-platform-oldcore: XWiki Platform allows XSS through XClass name in string propertiesCVE-2024-37898Mediumorg.xwiki.platform:xwiki-platform-oldcore: XWiki Platform vulnerable to document deletion and overwrite from editCVE-2024-37899Criticalorg.xwiki.platform:xwiki-platform-oldcore: XWiki Platform allows remote code execution from user accountCVE-2024-31987Criticalorg.xwiki.platform:xwiki-platform-oldcore: XWiki Platform remote code execution from account via custom skins supportCVE-2024-31981Criticalorg.xwiki.platform:xwiki-platform-oldcore: XWiki Platform: Privilege escalation (PR) from user registration through PDFClassCVE-2024-31464Mediumorg.xwiki.platform:xwiki-platform-oldcore: XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deletedCVE-2024-21648Highorg.xwiki.platform:xwiki-platform-oldcore: XWiki has no right protection on rollback actionCVE-2023-46243Highorg.xwiki.platform:xwiki-platform-oldcore: XWiki Platform vulnerable to privilege escalation and remote code execution via the edit actionCVE-2023-46242Criticalorg.xwiki.platform:xwiki-platform-oldcore: XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF tokenCVE-2023-37911Mediumorg.xwiki.platform:xwiki-platform-oldcore: org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documentsCVE-2023-41046Mediumorg.xwiki.platform:xwiki-platform-oldcore: Velocity execution without script right through VelocityCode and VelocityWiki propertyCVE-2023-40572Highorg.xwiki.platform:xwiki-platform-oldcore: XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create actionCVE-2023-36468Criticalorg.xwiki.platform:xwiki-platform-oldcore: Upgrading doesn't prevent exploiting vulnerable XWiki documentsCVE-2023-35157Highorg.xwiki.platform:xwiki-platform-oldcore: XWiki Platform vulnerable to reflected cross-site scripting via delattachment actionCVE-2023-32068Mediumorg.xwiki.platform:xwiki-platform-oldcore: org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerabilityCVE-2023-29526Criticalorg.xwiki.platform:xwiki-platform-oldcore: XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode

Stop the waste.
Protect your environment with Kodem.