Org.xwiki.platform:xwiki-platform-web

This hub aggregates every CVE we track for Org.xwiki.platform:xwiki-platform-web, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

OSS Libraries

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

HIGH5MEDIUM5CRITICAL5

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Org.xwiki.platform:xwiki-platform-web.

CVE-2026-26000XWiki Platform affected by click-jacking through CSS injection in comments6.1Feb 12, 2026
CVE-2023-45137XWiki Platform XSS with edit right in the create document form for existing pages9.0Oct 25, 2023
CVE-2023-45135XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title9.0Oct 25, 2023
CVE-2023-45134XWiki Platform XSS vulnerability from account in the create page form via template provider9.0Oct 25, 2023
CVE-2023-34464XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template9.0Jun 23, 2023
CVE-2023-29207Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro8.9Apr 15, 2023
CVE-2023-26473XWiki Platform allows unprivileged users to make arbitrary select queries using DatabaseListProperty and suggest.vm6.5Mar 2, 2023
CVE-2022-36094XWiki Platform Web Parent POM vulnerable to XSS in the attachment history8.9Sep 8, 2022
CVE-2022-36093XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard8.5Sep 8, 2022
CVE-2022-36091XWiki Platform Web Templates vulnerable to Missing Authorization and Exposure of Private Personal Information to an Unauthorized Actor7.5Sep 8, 2022
CVE-2022-24820Unauthenticated user can list hidden document from multiple velocity templates5.3Apr 8, 2022
CVE-2022-23619Information exposure in xwiki-platform5.3Feb 9, 2022
CVE-2021-32731The reset password form reveal users email address5.3Jul 1, 2021
CVE-2021-29459XSS Cross Site Scripting9.6Apr 20, 2021
CVE-2020-13654XWiki Platform before 12.8 mishandles escaping in the property displayer.7.5Dec 31, 2020

Product normalization is registry-driven with AI assist and human review. How it works