org.xwiki.platform:xwiki-platform-web-templates vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-40105Mediumorg.xwiki.platform:xwiki-platform-web-templates: XWiki has Reflected Cross-Site Scripting (XSS) in page history compareCVE-2026-24128Mediumorg.xwiki.platform:xwiki-platform-web-templates: XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error MessagesCVE-2025-66472Mediumorg.xwiki.platform:xwiki-platform-flamingo-skin-resources: XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplicationCVE-2025-32430Mediumorg.xwiki.platform:xwiki-platform-web-templates: XWiki allows Reflected XSS in two templatesCVE-2024-43401Criticalorg.xwiki.platform:xwiki-platform-web-templates: In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit themCVE-2024-41947Criticalorg.xwiki.platform:xwiki-platform-web-templates: XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolutionCVE-2023-45137Criticalorg.xwiki.platform:xwiki-platform-web-templates: XWiki Platform vulnerable to XSS with edit right in the create document form for existing pagesCVE-2023-45136Criticalorg.xwiki.platform:xwiki-platform-web-templates: XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabledCVE-2023-45135Criticalorg.xwiki.platform:xwiki-platform-web-templates: XWiki users can be tricked to execute scripts as the create page action doesn't display the page's titleCVE-2023-45134Criticalorg.xwiki.platform:xwiki-platform-web-templates: XWiki Platform XSS vulnerability from account in the create page form via template providerCVE-2023-40176Mediumorg.xwiki.platform:xwiki-platform-web-templates: XWiki Platform Stored Cross-site Scripting in the user profile via the timezone displayerCVE-2023-35160Criticalorg.xwiki.platform:xwiki-platform-web-templates: XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit templateCVE-2023-35159Criticalorg.xwiki.platform:xwiki-platform-web-templates: XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace templateCVE-2023-34464Criticalorg.xwiki.platform:xwiki-platform-web: XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent templateCVE-2023-29513Mediumorg.xwiki.platform:xwiki-platform-web-templates: xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macroCVE-2023-29512Criticalorg.xwiki.platform:xwiki-platform-web-templates: xwiki-platform-web-templates vulnerable to Eval InjectionCVE-2023-29207Highorg.xwiki.platform:xwiki-platform-flamingo-skin-resources: Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable MacroCVE-2023-29203Loworg.xwiki.platform:xwiki-platform-web-templates: Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm CVE-2022-36095Mediumorg.xwiki.platform:xwiki-platform-web-templates: XWiki Cross-Site Request Forgery (CSRF) for actions on tagsCVE-2022-36091Highorg.xwiki.platform:xwiki-platform-web-templates: XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized ActorCVE-2022-36093Highorg.xwiki.platform:xwiki-platform-web-templates: XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution WizardCVE-2022-24819Mediumorg.xwiki.platform:xwiki-platform-web-templates: Unauthenticated user can retrieve the list of users through uorgsuggest.vmCVE-2022-23622Highorg.xwiki.platform:xwiki-platform-web-templates: Cross site scripting in registration template in xwiki-platform

Stop the waste.
Protect your environment with Kodem.