xwiki vulnerability list
Found 63 vulnerabilities related to xwiki
XWiki Platform /rest/wikis/xwiki/pages permission bypass (CVE-2025-29925) No POC
XWiki Platform is a generic wiki platform. Before 15.10.14, 16.4.6 and 16.10.0-rc-1, a request to the REST endpoint /rest/wikis/[wikiName]/pages lists protected pages even when the user has no view right on them. This is especially visible when the whole wiki is protected with "Prevent unregistered users from viewing pages": the endpoint still lists the wiki's pages, though only for the main wiki. Fixed in XWiki 15.10.14, 16.4.6 and 16.10.0RC1; in those versions the endpoint can still be requested, but the result is filtered according to page rights.
XWiki /webjars directory traversal (CVE-2025-55747) No POC
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In the affected version range, configuration files can be read through the webjars API.
xwiki path traversal (CVE-2025-55747) No POC
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files can be accessed through the webjars API.
XWiki path traversal (CVE-2025-55748) No POC
In versions 4.2-milestone-2 through 16.10.6, configuration files can be accessed and read through the jsx and sx endpoints.
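The three traversal entries above only say that configuration files become readable through resource-serving endpoints. The check below is an added example of the containment a resource handler needs before it opens anything; it is not XWiki's code, and the resource root, the file names and the suffix allow-list in it are constructed for the demo. It decodes the client-supplied name (repeatedly, so double-encoded dots are caught), treats backslashes as separators, refuses absolute names and any `..` segment, and confirms the resolved path is still under the root.

```python
"""Containment check for client-supplied resource names (added example,
not XWiki code).  Root directory and file names below are constructed."""
from pathlib import PurePosixPath
from urllib.parse import unquote

# Constructed resource root; a real webjars or skin-extension handler
# would use its own directory.
RESOURCE_ROOT = "/srv/xwiki/webjars"


def resolve_resource(base_dir, requested, allowed_suffixes=None):
    """Map a client-supplied resource name onto a path under base_dir.

    Returns the resolved path as a string, or None when the name must be
    refused: multi-level percent-encoding of '..', backslash separators,
    NUL bytes, absolute names, any '..' segment, an empty name, or
    (optionally) a suffix outside the allow-list.
    """
    name = requested
    for _ in range(3):               # peel %252e%252e -> %2e%2e -> ..
        decoded = unquote(name)
        if decoded == name:
            break
        name = decoded
    name = name.replace("\\", "/")   # some containers accept either separator
    if "\x00" in name or name.startswith("/"):
        return None
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        return None
    base = PurePosixPath(base_dir)
    resolved = base.joinpath(*parts)
    if base not in resolved.parents:  # defence in depth: still under the root
        return None
    if allowed_suffixes is not None and resolved.suffix not in allowed_suffixes:
        return None
    return str(resolved)


def demo():
    """Constructed probes a tester would send to a resource endpoint."""
    probes = [
        "jquery/3.6.0/jquery.min.js",          # legitimate asset
        "../../WEB-INF/xwiki.properties",      # plain traversal
        "..%2F..%2FWEB-INF%2Fxwiki.cfg",       # encoded separators
        "%252e%252e%252fWEB-INF/xwiki.cfg",    # double-encoded dots
        "..\\..\\WEB-INF\\xwiki.cfg",          # backslash separators
        "/etc/passwd",                         # absolute name
    ]
    return {p: resolve_resource(RESOURCE_ROOT, p, {".js", ".css"}) for p in probes}


if __name__ == "__main__":
    for probe, result in demo().items():
        print(f"{probe!r:45} -> {result}")
```

Only the first probe resolves; every other one returns None before any file is opened. The suffix allow-list is the part that directly addresses "configuration files": a static-asset endpoint has no reason to serve `.properties` or `.cfg` even from inside its own root.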
xwiki CVE-2025-32969 SQL injection No POC
A remote unauthenticated user can escape the HQL execution context and perform blind SQL injection to run arbitrary SQL statements on the database backend, even with the "Prevent unregistered users from viewing pages, regardless of the page rights" and "Prevent unregistered users from editing pages, regardless of the page rights" options enabled. Depending on the database backend, the attacker can not only read secrets such as password hashes from the database but also run UPDATE/INSERT/DELETE queries.
CVE-2022-24819: XWiki < 12.10.11, 13.4.4 & 13.9-rc-1 - Information Disclosure POC
An unauthenticated user can retrieve a list of users and their full names through a publicly accessible URL in XWiki. The issue affects versions before 12.10.11, 13.4.4, and 13.9-rc-1.
CVE-2023-29204: XWiki - Open Redirect POC
XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass it when using a URL such as `http:/mydomain.com`. The problem has been patched on XWiki 13.10.10, 14.4.4 and 14.8RC1.
CVE-2023-29506: XWiki >= 13.10.8 - Cross-Site Scripting POC
Reflected XSS vulnerability in XWiki authenticate endpoints allows execution of arbitrary JavaScript.
CVE-2023-32068: XWiki - Open Redirect POC
XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and 15.0.
CVE-2023-35155: XWiki - Cross-Site Scripting POC
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload allowing to inject JavaScript in the page (XSS).
CVE-2023-35156: XWiki >= 6.0-rc-1 - Cross-Site Scripting POC
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload allowing to inject JavaScript in the page (XSS). It is possible to exploit the delete template to perform an XSS, e.g. with a URL such as `xwiki/bin/get/FlamingoThemes/Cerulean?xpage=xpart&vm=delete.vm&xredirect=javascript:alert(document.domain)`. This vulnerability exists since XWiki 6.0-rc-1.
CVE-2023-35158: XWiki - Cross-Site Scripting POC
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload allowing to inject JavaScript in the page (XSS). It is possible to exploit the restore template to perform an XSS, e.g. with a URL such as `/xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain)`. This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
CVE-2023-35159: XWiki >= 3.4-milestone-1 - Cross-Site Scripting POC
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload allowing to inject JavaScript in the page (XSS). It is possible to exploit the deletespace template to perform an XSS, e.g. with a URL such as `xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain)`.
CVE-2023-35160: XWiki >= 2.5-milestone-2 - Cross-Site Scripting POC
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload allowing to inject JavaScript in the page (XSS). It is possible to exploit the resubmit template to perform an XSS, e.g. with a URL such as `xwiki/bin/view/XWiki/Main?xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain)`. This vulnerability exists since XWiki 2.5-milestone-2. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
CVE-2023-35161: XWiki >= 6.2-milestone-1 - Cross-Site Scripting POC
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload allowing to inject JavaScript in the page (XSS). It is possible to exploit the DeleteApplication page to perform an XSS, e.g. with a URL such as `xwiki/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu&resolve=true&xredirect=javascript:alert(document.domain)`. This vulnerability exists since XWiki 6.2-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
CVE-2023-35162: XWiki < 14.10.5 - Cross-Site Scripting POC
XWiki Platform is vulnerable to reflected XSS via the previewactions template. An attacker can inject JavaScript through the xcontinue parameter.
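The open-redirect entries (CVE-2023-29204, CVE-2023-32068) and the xredirect XSS entries above share one root: a redirect target taken from the request and checked too loosely. As an added example that is not XWiki's code, the block below reproduces the kind of check the CVE-2023-29204 entry describes as bypassable (it only refuses a literal `http://` or `https://` prefix) beside a strict check, and runs both over the bypass strings the entries name. The `evil.example` host is constructed; the last two bypass strings are browser-normalisation variants added here, not taken from the entries.

```python
"""Redirect-target validation (added example, not XWiki code).

naive_is_local() is the bypassable check shape from the CVE-2023-29204
entry; strict_is_local() is what a fixed check needs.  Hosts are
constructed."""
import re
from urllib.parse import urlsplit

# Targets named by the entries, plus two variants browsers also honour.
BYPASSES = [
    "//evil.example",                     # scheme-relative (CVE-2023-29204)
    "http:/evil.example",                 # single-slash scheme (CVE-2023-29204)
    "javascript:alert(document.domain)",  # xredirect XSS (CVE-2023-35156 etc.)
    "///evil.example",                    # constructed: extra slashes collapse to //host
    "/\\evil.example",                    # constructed: browsers treat \ as /
]


def naive_is_local(target):
    """Bypassable check: only refuses targets that literally start with
    http:// or https://."""
    t = target.strip().lower()
    return not t.startswith(("http://", "https://"))


def strict_is_local(target):
    """Accept only a same-origin, path-absolute target.

    Rules: no control characters (browsers strip tabs/newlines and could
    reassemble a scheme), no backslashes, exactly one leading '/', and
    urlsplit must see neither a scheme nor an authority."""
    t = target.strip()
    if not t or re.search(r"[\x00-\x1f\x7f]", t) or "\\" in t:
        return False
    if not t.startswith("/") or t.startswith("//"):
        return False
    parts = urlsplit(t)
    return parts.scheme == "" and parts.netloc == ""


def survivors(check):
    """Return the bypass targets that a checker would still let through."""
    return [b for b in BYPASSES if check(b)]


if __name__ == "__main__":
    print("naive lets through :", survivors(naive_is_local))
    print("strict lets through:", survivors(strict_is_local))
```

`survivors(naive_is_local)` returns every entry of the list; `survivors(strict_is_local)` returns nothing, while an in-wiki target such as `/xwiki/bin/view/Main/WebHome?x=1` still passes. Note that the `javascript:` targets are caught by the same rule as the external hosts: anything that does not begin with a single `/` is not a path on this origin.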
CVE-2023-37462: XWiki Platform - Remote Code Execution POC
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. It is possible to check if an existing installation is vulnerable
CVE-2023-45136: XWiki < 14.10.14 - Cross-Site Scripting POC
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 14.10.12 and 15.5-rc-1 is vulnerable to a reflected cross-site scripting attack in the page creation form. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link.
CVE-2023-46732: XWiki < 14.10.14 - Cross-Site Scripting POC
XWiki is vulnerable to reflected cross-site scripting (RXSS) via the rev parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name of the user, including remote code (Groovy) execution in the case of a user with programming right, compromising the confidentiality, integrity and availability of the whole XWiki installation.
CVE-2023-48241: XWiki < 14.10.15 - Information Disclosure POC
The Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki (but not some protected information like password hashes). While there is a right check normally, the right check can be circumvented by explicitly requesting fields from Solr that don't include the data for the right check. This can be reproduced by opening <xwiki-server>/xwiki/bin/get/XWiki/SuggestSolrService?outputSyntax=plain&media=json&nb=1000&query=q%3D*%3A*%0Aq.op%3DAND%0Afq%3Dtype%3ADOCUMENT%0Afl%3Dtitle_%2C+reference%2C+links%2C+doccontentraw_%2C+objcontent__&input=+ where <xwiki-server> is the URL of the XWiki installation. If this displays any results, the wiki is vulnerable.
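The reproduction URL above is dense because the `query` argument packs several Solr parameters into one percent-encoded, newline-separated value. The block below, an added example rather than XWiki code, unpacks it so the bypass is visible (the `fl` list asks Solr for `doccontentraw_` and `objcontent__` but not the fields the right check would need) and classifies the JSON reply the way the entry does: any result means the wiki is vulnerable. The host name and both reply bodies are constructed; the entry does not specify the service's JSON layout, so `has_results()` accepts any JSON that carries at least one result object.

```python
"""Decoder for the CVE-2023-48241 probe URL and a classifier for its reply
(added example, not XWiki code).  Host and reply bodies are constructed."""
import json
from urllib.parse import parse_qs, urlsplit

# The probe from the entry, with a constructed host.
PROBE = ("https://wiki.example.org/xwiki/bin/get/XWiki/SuggestSolrService"
         "?outputSyntax=plain&media=json&nb=1000"
         "&query=q%3D*%3A*%0Aq.op%3DAND%0Afq%3Dtype%3ADOCUMENT"
         "%0Afl%3Dtitle_%2C+reference%2C+links%2C+doccontentraw_%2C+objcontent__"
         "&input=+")


def decode_solr_query(url):
    """Unpack the Solr parameters carried in the `query` argument.

    The value is a newline-separated list of key=value lines; parse_qs
    already turns %0A into newlines and '+' into spaces."""
    args = parse_qs(urlsplit(url).query, keep_blank_values=True)
    params = {}
    for line in args["query"][0].splitlines():
        key, _, value = line.partition("=")
        params[key.strip()] = value.strip()
    return params


def requested_fields(params):
    """The `fl` list: the fields Solr is asked to return.  The entry's point is
    that this list includes the document body (doccontentraw_, objcontent__)
    while omitting the fields the right check relies on."""
    return [f.strip() for f in params.get("fl", "").split(",") if f.strip()]


def has_results(body):
    """True when the JSON reply contains at least one result object."""
    def walk(node):
        if isinstance(node, list):
            return any(isinstance(x, dict) for x in node) or any(walk(x) for x in node)
        if isinstance(node, dict):
            return any(walk(v) for v in node.values())
        return False
    return walk(json.loads(body))


def classify(body):
    return "vulnerable" if has_results(body) else "not vulnerable (or nothing indexed)"


# Constructed replies: a leaking wiki and a patched (or empty) one.
VULNERABLE_REPLY = json.dumps([{"title_": "Q3 budget",
                                "reference": "xwiki:Finance.Budget",
                                "doccontentraw_": "internal figures ..."}])
PATCHED_REPLY = "[]"

if __name__ == "__main__":
    p = decode_solr_query(PROBE)
    print("q =", p["q"], "| q.op =", p["q.op"], "| fq =", p["fq"])
    print("fields requested:", requested_fields(p))
    print(classify(VULNERABLE_REPLY), "/", classify(PATCHED_REPLY))
```

Decoded, the probe is simply `q=*:*` (every document) filtered to `type:DOCUMENT`, with `nb=1000` results per call; the only thing that makes it a bypass is the field list. A patched wiki returns an empty list for an anonymous caller on a private wiki, which `classify()` reports as not vulnerable.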
CVE-2023-50719: XWiki < 14.10.15 - Sensitive Information Disclosure POC
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren't accessible but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability.
CVE-2023-50720: XWiki < 14.10.15 - Email Disclosure POC
The Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email* using XWiki's regular search interface.
CVE-2024-21650: XWiki < 14.10.17 - Remote code execution POC
XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user registration enabled for guests.
CVE-2024-31982: XWiki < 14.10.20 - Remote code execution POC
XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 14.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may manually apply the patch to the page `Main.DatabaseSearch`. Alternatively, unless database search is explicitly used by users, this page can be deleted as this is not the default search interface of XWiki.
CVE-2024-45591: XWiki Platform - Unauthorized Document History Access POC
A vulnerability in XWiki Platform's REST API allows unauthorized users to access document history information. The REST API endpoint exposes the history of any page including modification times, version numbers, author details (username and display name), and version comments, regardless of access rights configuration, even on private wikis.
CVE-2025-24893: XWiki Platform - Remote Code Execution POC
Any guest can perform arbitrary remote code execution through a request to SolrSearch. This impacts the confidentiality, integrity, and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 15.10.11, 16.4.1, and 16.5.0RC1.
CVE-2025-29925: XWiki REST API - Private Pages Disclosure POC
A vulnerability in XWiki's REST API allows unauthenticated users to access information about private pages through the pages endpoint. This could lead to disclosure of sensitive information and page metadata.
CVE-2025-32430: XWiki Platform - Cross-Site Scripting POC
XWiki Platform versions >= 4.2-milestone-3 and < 16.4.8, >= 16.5.0-rc-1 and < 16.10.6, and >= 17.0.0-rc-1 and < 17.3.0-rc-1 are vulnerable to reflected XSS in two templates. The vulnerability allows an attacker to execute malicious JavaScript code in the context of the victim's session by getting the victim to visit an attacker-controlled URL.
CVE-2025-32969: XWiki REST API Query - SQL Injection POC
A SQL injection vulnerability exists in XWiki's REST API query endpoint. An unauthenticated attacker can execute arbitrary SQL queries through the 'q' parameter by manipulating the HQL query, potentially leading to data exfiltration or system compromise.
CVE-2025-32970: XWiki WYSIWYG API - Open Redirect POC
A vulnerability in XWiki's WYSIWYG API allows an attacker to redirect users to arbitrary external URLs through the xerror parameter. This could be used in phishing attacks to redirect users to malicious websites.
CVE-2025-46554: XWiki REST API - Attachments Disclosure POC
A vulnerability in XWiki's REST API allows unauthenticated users to access attachments list and metadata through the attachments endpoint. This could lead to disclosure of sensitive information stored in attachments metadata.
CVE-2025-54125: XWiki XML View - Sensitive Information Exposure POC
A vulnerability in XWiki's XML view functionality exposes sensitive information such as passwords and email addresses that are stored in custom fields not explicitly named as password or email. This information disclosure occurs when accessing user profiles with the xml.vm template.
XWiki getdeleteddocuments.vm SQL injection No POC
SQL injection is the insertion of crafted SQL into an application's input fields so that it bypasses the application's controls and runs directly against the database. It typically occurs when the application does not adequately validate and filter user input, and lets an attacker read, modify or delete data in the database and, in some configurations, execute arbitrary code on the server.
XWiki Platform /bin/view/ code execution (CVE-2023-37462) No POC
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document "SkinsCode.XWikiSkinsSheet" provides an injection vector from view right on that document to programming rights: arbitrary script macros, including Groovy and Python macros, can be executed, giving remote code execution with unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page whose name is crafted to contain a dangerous payload. An existing installation can be checked for the vulnerability.
XWiki SolrSearchMacros /bin/get/Main/SolrSearch remote code execution (CVE-2025-24893) No POC
XWiki is an open-source enterprise collaboration platform with rich functionality and extensibility. The XWiki SolrSearchMacros endpoint /bin/get/Main/SolrSearch has a remote code execution vulnerability (CVE-2025-24893). An attacker can exploit it with a crafted HTTP request to execute arbitrary code and take control of the server, leading to disclosure of sensitive information or full system compromise.
XWiki history endpoint unauthorised access (CVE-2024-45591) No POC
XWiki Platform is a generic wiki platform. Its REST API exposes the history of any page in XWiki to anyone who knows the page name. The exposed information includes, for every modification of the page, the modification time, the version number, the modifier (username and display name) and the version comment. It is exposed regardless of the rights configuration, even when the wiki is configured to be fully private. On a private wiki this can be tested by accessing /xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history: if this shows the history of the main page, the installation is vulnerable. Fixed in XWiki 15.10.9 and XWiki 16.3.0RC1.
XWiki SolrSearchMacros remote code execution reproduction (CVE-2025-24893) No POC
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to 'SolrSearch'. This impacts the confidentiality, integrity and availability of the whole XWiki installation.
XWiki XWikiRegister remote code execution No POC
XWiki has a remote code execution vulnerability caused by improper validation of user requests by the XWikiRegister endpoint.
XWiki Platform unauthenticated code injection No POC
XWiki /xwiki/bin/get/Main/DatabaseSearch command execution No POC
An attacker can use this vulnerability to execute arbitrary code on the server, write a backdoor, gain server privileges and take control of the whole web server.
XWiki Platform CVE-2024-31982 remote code execution No POC
XWiki Platform has a remote code execution vulnerability caused by missing validation of user input passed to DatabaseSearch.
XWiki < 14.10.15 information disclosure (CVE-2023-48241) No POC
XWiki Platform is a powerful, flexible and extensible open-source collaboration software for creating and managing documents, knowledge bases, task lists and more. XWiki before 14.10.15 has an information disclosure vulnerability.
XWiki < 14.10.20 DatabaseSearch code execution (CVE-2024-31982) No POC
XWiki Platform is a powerful, flexible and extensible open-source collaboration software for creating and managing documents, knowledge bases, task lists and more. XWiki before 14.10.20 has a code execution vulnerability that an attacker can use to execute arbitrary code and then run commands to gain server privileges.
XWiki.org XWiki import bar reflected cross-site scripting No POC
A reflected cross-site scripting vulnerability was found in XWiki, caused by insufficient validation of the editor and section parameters of the import bar view.
XWiki SearchAdmin CVE-2023-50721 command injection No POC
XWiki SearchAdmin has a command injection vulnerability caused by missing validation of parameters such as ExtensionPointId.
XWiki Platform DatabaseSearch remote code execution No POC
XWiki Platform is a wiki platform from the XWiki foundation for building collaborative web applications. It has a security vulnerability in which XWiki's database search allows remote code execution through the search text. This allows remote code execution by any visitor of a public wiki or any user of a closed wiki, because the database search is accessible to all users by default.
XWiki Platform AdminSheet CVE-2023-46731 remote code execution No POC
XWiki Platform has a remote code execution vulnerability caused by improper validation of request parameter values by the WebHome endpoint.
XWiki Change Request CVE-2023-45138 cross-site scripting No POC
XWiki Change Request has a cross-site scripting vulnerability caused by improper validation of the crTitle request parameter.
XWiki.org XWiki Tags.xml command injection No POC
XWiki has a command injection vulnerability caused by insufficient validation of tag values.
XWiki.org XWiki deleteAttachment stored XSS No POC
XWiki has a stored XSS vulnerability caused by insufficient validation of the name of the deleted attachment.
XWiki.org XWiki moveStep1.vm cross-site scripting No POC
XWiki.org XWiki MentionsMacro.xml code injection No POC
XWiki.org XWiki XWikiServerClassSheet.xml code injection No POC
XWiki.org XWiki filename parameter stored XSS No POC
XWiki.org XWiki SchedulerJobSheet code injection No POC
XWiki.org XWiki xwiki-platform-flamingo-theme-ui remote code execution No POC
XWiki.org XWiki NotificationRSSService code injection No POC
XWiki.org XWiki LegacyNotificationAdministration since code injection No POC
XWiki.org XWiki AttachmentSelector docname code injection No POC
XWiki TextAreaClass displayView code injection No POC
XWiki timezone stored cross-site scripting No POC
XWiki.org XWiki InvitationGuestActions code injection No POC
XWiki Platform SkinsCode.XWikiSkinsSheet command execution (CVE-2023-37462) No POC
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document "SkinsCode.XWikiSkinsSheet" provides an injection vector from view right on that document to programming rights, leading to remote code execution.