Vulnerabilities in xwiki-contrib
17 results

CVE-2023-45138 | CRITICAL | Change Request Application vulnerable to XSS and remote code execution through change request title | EPSS 71.2%
CVE-2023-48292 | CRITICAL | XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks | EPSS 22.9%
CVE-2023-22457 | CRITICAL | org.xwiki.contrib:application-ckeditor-ui vulnerable to Remote Code Execution via Cross-Site Request Forgery | EPSS 18.7%
CVE-2023-49280 | HIGH | Data leak of password hash through xwiki change request | EPSS 0.9%
CVE-2022-39387 | CRITICAL | XWiki OIDC Authenticator vulnerable to OpenID login bypass due to improper authentication | EPSS 0.9%
CVE-2025-49594 | CRITICAL | XWiki OIDC Authenticator vulnerable to creation of token for any user with just `view` right | EPSS 0.5%
CVE-2025-58365 | HIGH | XWiki Blog Application: Privilege Escalation (PR) from account through blog content | EPSS 0.5%
CVE-2025-46558 | CRITICAL | org.xwiki.contrib.markdown:syntax-markdown-commonmark12 vulnerable to XSS via Markdown content | EPSS 0.4%
CVE-2023-48293 | HIGH | XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries | EPSS 0.4%
CVE-2025-66024 | HIGH | XWiki Blog Application home page vulnerable to Stored XSS via Post Title | EPSS 0.4%
CVE-2025-31487 | HIGH | The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server | EPSS 0.3%
CVE-2025-65091 | CRITICAL | XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService | EPSS 0.3%
CVE-2025-65090 | MEDIUM | XWiki Full Calendar Macro vulnerable to data leak through Calendar.JSONService | EPSS 0.2%
CVE-2025-52133 | MEDIUM | The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import. | EPSS 0.2%
CVE-2025-52131 | MEDIUM | The Mocca Calendar application before 2.15 for XWiki allows XSS via the background or text color field. | EPSS 0.2%
CVE-2025-52132 | MEDIUM | The Mocca Calendar application before 2.15 for XWiki allows XSS via a title to the view event page. | EPSS 0.2%
CVE-2026-42140 | MEDIUM | Server-Side Request Forgery (SSRF) in PlantUML Macro via 'server' parameter | EPSS 0.2%