org.xwiki.platform:xwiki-platform-web vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-26000Mediumorg.xwiki.platform:xwiki-platform-web: XWiki vulnerable to click-jacking through CSS injection in commentsCVE-2023-45137Criticalorg.xwiki.platform:xwiki-platform-web-templates: XWiki Platform vulnerable to XSS with edit right in the create document form for existing pagesCVE-2023-45135Criticalorg.xwiki.platform:xwiki-platform-web-templates: XWiki users can be tricked to execute scripts as the create page action doesn't display the page's titleCVE-2023-45134Criticalorg.xwiki.platform:xwiki-platform-web-templates: XWiki Platform XSS vulnerability from account in the create page form via template providerCVE-2023-34464Criticalorg.xwiki.platform:xwiki-platform-web: XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent templateCVE-2023-29207Highorg.xwiki.platform:xwiki-platform-flamingo-skin-resources: Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable MacroCVE-2023-26473Mediumorg.xwiki.platform:xwiki-platform-web: Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vmCVE-2022-36091Highorg.xwiki.platform:xwiki-platform-web-templates: XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized ActorCVE-2022-36093Highorg.xwiki.platform:xwiki-platform-web-templates: XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution WizardCVE-2022-36094Highorg.xwiki.platform:xwiki-platform-web: XWiki Platform Web Parent POM vulnerable to XSS in the attachment historyCVE-2022-24820Mediumorg.xwiki.platform:xwiki-platform-web: Unauthenticated user can list hidden document from multiple velocity templates in XWikiCVE-2020-13654Highorg.xwiki.platform:xwiki-platform-web: Improper escaping in XWiki PlatformCVE-2022-23619Mediumorg.xwiki.platform:xwiki-platform-web: Information exposure in xwiki-platformCVE-2021-32731Mediumorg.xwiki.platform:xwiki-platform-web: The reset password form reveal users email addressCVE-2021-29459Criticalorg.xwiki.platform:xwiki-platform-oldcore: XSS Cross Site Scripting

Stop the waste.
Protect your environment with Kodem.