Shodan
Vulnerabilities
Vulnerable Software
Xwiki:  >> Xwiki  Security Vulnerabilities
CVE-2020-11057
In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. This has been fixed 11.3.7 , 11.10.3 and 12.0.
CVSS Score
9.9
EPSS Score
0.022
Published
2020-05-12
CVE-2018-16277
The Image Import function in XWiki through 10.7 has XSS.
CVSS Score
5.4
EPSS Score
0.006
Published
2018-09-28
CVE-2010-4641
SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.011
Published
2010-12-30
CVE-2010-4642
Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.011
Published
2010-12-30
CVE-2007-4898
Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1 Enterprise RC2 allows remote authenticated users, with administrative access to one wiki in a multiwiki environment, to obtain sensitive information via unknown attack vectors. NOTE: Some of these details are obtained from third party information.
CVSS Score
2.1
EPSS Score
0.009
Published
2007-09-14
CVE-2006-7223
PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document.
CVSS Score
6.5
EPSS Score
0.015
Published
2007-09-14
CVE-2007-4888
The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribute of the doc variable.
CVSS Score
3.5
EPSS Score
0.008
Published
2007-09-14
CVE-2005-4862
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password.
CVSS Score
5.0
EPSS Score
0.011
Published
2005-12-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved