Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Browse Security Advisories

Security Advisories for org.xwiki.platform:xwiki-platform-web-templates Clear Filters

Critical
11 months ago

In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them GSA_kwCzR0hTQS1mOTYzLTRjcTgtMmd3N84AA-yB

maven org.xwiki.platform:xwiki-platform-web-templates
Critical
12 months ago

XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution GSA_kwCzR0hTQS02OTJ2LTc4M2YtbWc4eM4AA-S3

maven org.xwiki.platform:xwiki-platform-web-templates
Critical
almost 2 years ago

XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages GSA_kwCzR0hTQS05M2doLWpnamotcjkyOc4AA2sM

maven org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-web-templates
Critical
almost 2 years ago

XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled GSA_kwCzR0hTQS1xY2o5LWdjcGctNHcyd84AA2sL

maven org.xwiki.platform:xwiki-platform-web-templates
Critical
almost 2 years ago

XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title GSA_kwCzR0hTQS1naGY2LTJmNDItbWpoOc4AA2sK

maven org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-web-templates
Critical
almost 2 years ago

XWiki Platform XSS vulnerability from account in the create page form via template provider GSA_kwCzR0hTQS1ncjgyLThmajItZ2djM84AA2sJ

maven org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-web-standard, org.xwiki.platform:xwiki-platform-web-templates
Moderate
almost 2 years ago

XWiki Platform Stored Cross-site Scripting in the user profile via the timezone displayer GSA_kwCzR0hTQS1oOGNtLTN2NWYtcmdwNs4AA1aU

maven org.xwiki.platform:xwiki-platform-web-templates
Critical
about 2 years ago

XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template GSA_kwCzR0hTQS1yOHhjLXh4aDMtcTV4M84AAz_x

maven org.xwiki.platform:xwiki-platform-web-templates
Critical
about 2 years ago

XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template GSA_kwCzR0hTQS14MjM0LW1nN3EtbThnOM4AAz_w

maven org.xwiki.platform:xwiki-platform-web-templates
Critical
about 2 years ago

XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template GSA_kwCzR0hTQS1mcDdoLWY5ZjUteDRxN84AAz9l

maven org.xwiki.platform:xwiki-platform-web-templates, org.xwiki.platform:xwiki-platform-web
Moderate
over 2 years ago

xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro GSA_kwCzR0hTQS1mcDM2LW1qdzUtZm1neM4AAy5w

maven org.xwiki.platform:xwiki-platform-web-templates
Critical
over 2 years ago

xwiki-platform-web-templates vulnerable to Eval Injection GSA_kwCzR0hTQS1oZzV4LTN3M3gtN2c5Ns4AAy5v

maven org.xwiki.platform:xwiki-platform-web-templates
High
over 2 years ago

Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro GSA_kwCzR0hTQS02dmdoLTlyM2MtMmN4cM4AAyu8

maven org.xwiki.platform:xwiki-web-standard, org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-web-templates, org.xwiki.platform:xwiki-platform-flamingo, org.xwiki.platform:xwiki-platform-flamingo-skin, org.xwiki.platform:xwiki-platform-flamingo-skin-resources
Low
over 2 years ago

Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm GSA_kwCzR0hTQS12dnA3LXI0MjItcng4M84AAyu5

maven org.xwiki.platform:xwiki-platform-web-templates
Moderate
almost 3 years ago

XWiki Cross-Site Request Forgery (CSRF) for actions on tags GSA_kwCzR0hTQS1meHdyLTR2cTktOXZoas4AAu2B

maven org.xwiki.platform:xwiki-platform-web-templates
High
almost 3 years ago

XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor GSA_kwCzR0hTQS01OTl2LXc0OGgtcmpybc4AAu1h

maven org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-web-templates
High
almost 3 years ago

XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard GSA_kwCzR0hTQS1oNWozLTV4NjMtcDhqds4AAu1K

maven org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-web-templates
Moderate
over 3 years ago

Unauthenticated user can retrieve the list of users through uorgsuggest.vm GSA_kwCzR0hTQS05N2pnLTQzYzktcTZwZs05dA

maven org.xwiki.platform:xwiki-platform-web-templates
High
over 3 years ago

Cross site scripting in registration template in xwiki-platform GSA_kwCzR0hTQS1neDZoLTkzNmMtdnJycs0p3Q

maven org.xwiki.platform:xwiki-platform-web-templates

Filter by Severity

Moderate 10,056 High 8,036 Critical 3,299 Low 1,442

Filter by Ecosystem

maven 6,630 packagist 5,356 pypi 4,831 npm 4,188 go 2,794 nuget 1,700 cargo 1,065 rubygems 918 hex 37 swift 35 actions 32 pub 10

Filter by Package

tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 418 magento/community-edition 300 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 239 typo3/cms 190 org.apache.tomcat:tomcat 138 pimcore/pimcore 120 dolibarr/dolibarr 116 github.com/mattermost/mattermost/server/v8 115 typo3/cms-core 111 phpmyadmin/phpmyadmin 107 Django 107 drupal/core 103 com.liferay.portal:release.portal.bom 100 magento/project-community-edition 100 microweber/microweber 99 silverstripe/framework 92 com.liferay.portal:release.dxp.bom 91 apache-airflow 85 drupal/drupal 83 librenms/librenms 82 thorsten/phpmyfaq 73 Plone 72 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 69 concrete5/concrete5 65 github.com/usememos/memos 65 salt 65 ansible 63 actionpack 61 apache-superset 57 shopware/platform 57 org.apache.struts:struts2-core 57 github.com/grafana/grafana 56 mlflow 53 craftcms/cms 51 org.keycloak:keycloak-core 50 nova 48 baserproject/basercms 47 django 46 org.apache.tomcat.embed:tomcat-embed-core 46 nokogiri 46 shopware/core 45 gradio 44 github.com/rancher/rancher 44 mautic/core 44 vyper 44 matrix-synapse 42 rdiffweb 42 nilsteampassnet/teampass 42 mantisbt/mantisbt 41 org.keycloak:keycloak-services 41 k8s.io/kubernetes 41 org.xwiki.platform:xwiki-platform-oldcore 41 plone 41 showdoc/showdoc 41 org.elasticsearch:elasticsearch 41 github.com/hashicorp/vault 40 froxlor/froxlor 40 intelliants/subrion 39 github.com/mattermost/mattermost-server/v6 39 directus 38 com.thoughtworks.xstream:xstream 37 snipe/snipe-it 36 net.mingsoft:ms-mcms 36 com.jfinal:jfinal 36 moin 35 io.undertow:undertow-core 34 github.com/answerdev/answer 34 org.jenkins-ci.plugins:script-security 34 zendframework/zendframework1 34 parse-server 33 keystone 32 gogs.io/gogs 32 github.com/cilium/cilium 31 github.com/argoproj/argo-cd/v2 31 github.com/argoproj/argo-cd 31 opencv-python 31 Pillow 31 github.com/hashicorp/nomad 31 opencv-contrib-python 31 getgrav/grav 30 shopware/shopware 30 rack 29 github.com/docker/docker 29 github.com/hashicorp/consul 29 github.com/mattermost/mattermost-server 29 org.apache.solr:solr-core 28 mediawiki/core 28 electron 28 org.opencms:opencms-core 27 centreon/centreon 27 pillow 26 openssl-src 26 org.springframework.security:spring-security-core 26 next 26 prestashop/prestashop 26 rubygems-update 25 contao/core-bundle 25 org.eclipse.jetty:jetty-server 25 open-webui 25 github.com/traefik/traefik/v2 24 surrealdb 24 getkirby/cms 24 pocketmine/pocketmine-mp 24 magento/core 24 org.keycloak:keycloak-parent 24 laravel/framework 23 simplesamlphp/simplesamlphp 23 puppet 23 vllm 23 grumpydictator/firefly-iii 23 phpoffice/phpexcel 23 remdex/livehelperchat 23 zendframework/zendframework 23 org.bouncycastle:bcprov-jdk14 22 tribalsystems/zenario 22 Microsoft.AspNetCore.App.Runtime.win-x86 22 Microsoft.AspNetCore.App.Runtime.win-x64 22 org.apache.openmeetings:openmeetings-parent 22 DotNetNuke.Core 22 @openzeppelin/contracts-upgradeable 22 ckb 22 org.apache.nifi:nifi 21 github.com/ethereum/go-ethereum 21 org.apache.tomcat:tomcat-catalina 21 @openzeppelin/contracts 21 phpoffice/phpspreadsheet 21 glance 21 github.com/goharbor/harbor 21 activerecord 21 Microsoft.AspNetCore.App.Runtime.win-arm 21 golang.org/x/net 20 funadmin/funadmin 20 aim 20 code.gitea.io/gitea 20 wasmtime 20 cockpit-hq/cockpit 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 langchain 20 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 19 neutron 19 github.com/zitadel/zitadel 19 helm.sh/helm/v3 19 deno 19 Microsoft.AspNetCore.App.Runtime.linux-arm 19 Microsoft.AspNetCore.App.Runtime.linux-arm64 19 Microsoft.AspNetCore.App.Runtime.linux-x64 19 Microsoft.AspNetCore.App.Runtime.osx-x64 19 Microsoft.AspNetCore.App.Runtime.win-arm64 19 pyload-ng 19 org.apache.tomcat:tomcat-coyote 19 org.xwiki.platform:xwiki-platform-web-templates 19 genix/cms 18 contao/contao 18 topthink/framework 18 forkcms/forkcms 18 cobbler 18 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 18 mercurial 18 mindsdb 18 com.vaadin:vaadin-bom 18 symfony/security 17 cakephp/cakephp 17 notebook 17 calibreweb 17 opencart/opencart 17 org.apache.geode:geode-core 17 openmage/magento-lts 17 OctoPrint 17 org.apache.inlong:manager-pojo 17 org.springframework:spring-core 17 cryptography 17 francoisjacquet/rosariosis 17 typo3/cms-backend 17 yetiforce/yetiforce-crm 17 ezsystems/ezpublish-kernel 17 phpbb/phpbb 16 org.apache.ranger:ranger 16 github.com/traefik/traefik/v3 16 paddlepaddle 16 PaddlePaddle 16 org.apache.activemq:activemq-client 16 lollms 16 org.apache.jspwiki:jspwiki-main 16 rusqlite 16 sequelize 16 org.apache.dubbo:dubbo 16 Microsoft.NetCore.App.Runtime.win-arm 16 github.com/openfga/openfga 16 Microsoft.NetCore.App.Runtime.win-arm64 16 Microsoft.NetCore.App.Runtime.win-x64 16 Microsoft.NetCore.App.Runtime.win-x86 16 org.bouncycastle:bcprov-jdk15 16 october/system 16 tinymce 16 ethyca-fides 16

Filter by Repository

https://github.com/xwiki/xwiki-platform 19