pkg:Maven/org.xwiki.platform:xwiki-platform-web-templates

23 total CVEs: CRITICAL 10, HIGH 4, MEDIUM 5, LOW 1

All known vulnerabilities

  • CRITICAL 9.9, CVE-2023-29512: xwiki-platform-web-templates vulnerable to Eval Injection
    >= 1.0B1, < 13.10.11
  • CRITICAL 9.6, CVE-2023-45136: XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled
    >= 12.0-rc-1, < 14.10.12
  • CRITICAL 9.6, CVE-2023-35160: XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
    >= 2.5-milestone-2, < 14.10.5
  • CRITICAL 9.6, CVE-2023-35159: XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template
    >= 3.4-milestone-1, < 14.10.5
  • CRITICAL 9.0, CVE-2024-43401: In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
    from 0, < 15.10-rc-1
  • CRITICAL 9.0, CVE-2024-41947: XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution
    >= 11.8-rc-1, < 15.10.8
  • CRITICAL 9.0, CVE-2023-45137: XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages
    from 0, < 14.10.12
  • CRITICAL 9.0, CVE-2023-45135: XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title
    from 0, < 14.10.12
  • CRITICAL 9.0, CVE-2023-45134: XWiki Platform XSS vulnerability from account in the create page form via template provider
    from 0, < 14.10.12
  • CRITICAL 9.0, CVE-2023-34464: XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template
    from 0, < 14.4.8
  • HIGH 8.9, CVE-2023-29207: Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro
    >= 1.9-milestone-2, < 13.10.10
  • HIGH 8.5, CVE-2022-36093: XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
    from 0, < 13.10.5
  • HIGH 7.5, CVE-2022-36091: XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor
    >= 1.3, < 13.10.4
  • HIGH 7.4, CVE-2022-23622: Cross site scripting in registration template in xwiki-platform
    >= 2.6.1, < 12.10.11
  • MEDIUM 6.1, CVE-2026-40105: XWiki has Reflected Cross-Site Scripting (XSS) in page history compare
    >= 10.4-rc-1, < 16.10.16
  • MEDIUM 5.4, CVE-2023-40176: XWiki Platform Stored Cross-site Scripting in the user profile via the timezone displayer
    >= 4.1-milestone-2, < 14.10.5
  • MEDIUM 5.3, CVE-2022-24819: Unauthenticated user can retrieve the list of users through uorgsuggest.vm
    from 0, < 12.10.11
  • MEDIUM 5.0, CVE-2023-29513: xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro
    >= 8.0-rc-1, < 14.10.1
  • MEDIUM 4.3, CVE-2022-36095: XWiki Cross-Site Request Forgery (CSRF) for actions on tags
    >= 2.0-milestone-1, < 13.10.5
  • LOW 3.7, CVE-2023-29203: Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm
    >= 13.9-rc-1, < 13.10.8
  • CVE-2026-24128: XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages
    >= 7.0-milestone-2, < 16.10.12
  • CVE-2025-66472: XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication
    >= 6.2-milestone-1, < 16.10.10
  • CVE-2025-32430: XWiki allows Reflected XSS in two templates
    >= 4.2-milestone-3, < 16.4.8