Org.xwiki.platform:xwiki-platform-oldcore

This hub aggregates every CVE we track for Org.xwiki.platform:xwiki-platform-oldcore, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Org.xwiki.platform:xwiki-platform-oldcore.

• CVE-2026-40104XWiki's REST APIs can list all pages/spaces, leading to unavailability8.2Apr 15, 2026
• CVE-2025-54125XWiki Platform: Password and email exposure in xml.vm fields6.5Aug 5, 2025
• CVE-2025-54124XWiki Platform: Any user with editing rights can access password properties through Database List Properties6.5Aug 5, 2025
• CVE-2025-54385XWiki Platform's searchDocuments API allows for SQL injection9.8Jul 26, 2025
• CVE-2025-49586XWiki allows remote code execution through preview of XClass changes in AWM editor8.8Jun 13, 2025
• CVE-2024-56158XWiki allows SQL injection in query endpoint of REST API with Oracle9.8Jun 12, 2025
• CVE-2025-32968org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API8.8Apr 23, 2025
• CVE-2024-43400XWiki Platform allows XSS through XClass name in string properties9.0Aug 19, 2024
• CVE-2024-37898XWiki Platform vulnerable to document deletion and overwrite from edit4.3Jul 31, 2024
• CVE-2024-37899Disabling a user account changes its author, allowing RCE from user account in XWiki9.0Jun 20, 2024
• CVE-2024-31987XWiki Platform remote code execution from account via custom skins support9.9Apr 10, 2024
• CVE-2024-31981XWiki Platform: Privilege escalation (PR) from user registration through PDFClass9.9Apr 10, 2024
• CVE-2024-31464XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted6.8Apr 10, 2024
• CVE-2024-21648XWiki has no right protection on rollback action8.0Jan 8, 2024
• CVE-2023-46243Code execution via the edit action in XWiki platform9.9Nov 7, 2023