Org.xwiki.platform:xwiki-platform-web-templates
This hub aggregates every CVE we track for Org.xwiki.platform:xwiki-platform-web-templates, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
22
CVEs tracked
11
Critical
4
High
0
In CISA KEV
Severity distribution
CRITICAL11MEDIUM6HIGH4LOW1
Monthly trend
1
1
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
1
1
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Org.xwiki.platform:xwiki-platform-web-templates.
- CVE-2026-24128XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages6.1
- CVE-2025-66472XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication6.1
- CVE-2025-32430XWiki Platform contains Reflected XSS vulnerability in two templates6.1
- CVE-2024-43401In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them9.0
- CVE-2024-41947XWiki Platform XSS through conflict resolution9.0
- CVE-2023-45137XWiki Platform XSS with edit right in the create document form for existing pages9.0
- CVE-2023-45136XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled9.6
- CVE-2023-45135XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title9.0
- CVE-2023-45134XWiki Platform XSS vulnerability from account in the create page form via template provider9.0
- CVE-2023-40176SXSS in the user profile via the timezone displayer9.0
- CVE-2023-35160XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template9.6
- CVE-2023-35159XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template9.6
- CVE-2023-34464XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template9.0
- CVE-2023-29513Users can be created even when registration is disabled without validation via the template macro in xwiki-platform5.0
- CVE-2023-29512Code injection in xwiki-platform-web-templates9.9
Product normalization is registry-driven with AI assist and human review. How it works