org.xwiki.platform:xwiki-platform-rest-server
Maven11 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.xwiki.platform:xwiki-platform-rest-serverpage 1 of 1
- CVE-2022-41936MEDIUMCVSS 5.3EG 5.3✓ Fixed in 14.62022-11-22
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` rest endpoint does not filter out entries according to the user's rights. Therefore, information hidden from unaut…
- CVE-2023-35151HIGHCVSS 7.5EG 7.5✓ Fixed in 15.12023-06-23
XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activat…
- CVE-2023-37277CRITICALCVSS 9.6EG 9.6✓ Fixed in 15.22023-07-10
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows executing all actions via POST requests and accepts `text/plain`, `multipart/form-data` or `application/www-form-u…
- CVE-2024-45591MEDIUMCVSS 5.3EG 5.3✓ Fixed in 16.3.0-rc-12024-09-10
XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the ver…
- CVE-2025-29925MEDIUMCVSS 5.3EG 5.3✓ Fixed in 16.10.0-rc-12025-03-19
XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting the REST endpoints /rest/wikis/[wikiName]/pages even if the user doesn't have view rights on them. It's part…
- CVE-2025-32969CRITICALCVSS 9.8EG 9.8✓ Fixed in 16.10.12025-04-23
XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to exec…
- CVE-2025-46554MEDIUMCVSS 5.3EG 5.3✓ Fixed in 16.7.02025-04-30
XWiki is a generic wiki platform. In versions starting from 1.8.1 to before 14.10.22, from 15.0-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.7.0, anyone can access the metadata of any attach…
- CVE-2025-49584HIGHCVSS 7.5EG 7.5✓ Fixed in 17.0.02025-06-13
XWiki is a generic wiki platform. In XWiki Platform versions 10.9 through 16.4.6, 16.5.0-rc-1 through 16.10.2, and 17.0.0-rc-1, the title of every single page whose reference is known can be accessed through the REST API as long as an XCla…
- CVE-2025-52472CRITICALCVSS 9.3EG 9.3✓ Fixed in 16.10.92025-10-06
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL inject…
- CVE-2025-66473HIGHCVSS 7.5EG 7.5✓ Fixed in 17.7.0-rc-12025-12-10
XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a s…
- CVE-2026-33137CRITICALCVSS 9.3EG 9.3✓ Fixed in 18.1.0-rc-12026-05-20
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions starting with 15.10.6 and prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, …
Check whether org.xwiki.platform:xwiki-platform-rest-server is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.xwiki.platform:xwiki-platform-rest-server CVEs against the assets you own.
Start Free Scan →