Tag

Xwiki

3 briefs RSS

XWiki Platform Livetable Vulnerability Allows Password Hash Reconstruction

A vulnerability in XWiki Platform allows an attacker to reconstruct password hashes using 768 requests through the `LiveTableResults` macro, impacting versions prior to 18.0.0RC1, 17.10.13, 17.4.9, and 16.10.17.

XWiki Platform xwiki credential-access password-hash-disclosure cve-2026-48048

1r 3w ago

medium advisory

XWiki Multiple Vulnerabilities Allow File Manipulation and Information Disclosure

2 rules 2 TTPs

An authenticated remote attacker can exploit multiple vulnerabilities in XWiki to manipulate files and disclose information.

XWiki vulnerability file-manipulation information-disclosure

2r 2t 4w ago

high advisory

XWiki Remote Code Execution via Unprotected Velocity Scripting API

2 rules 2 TTPs

XWiki is vulnerable to remote code execution due to an improperly protected scripting API, allowing users with script rights to bypass the Velocity scripting API sandbox and execute arbitrary code, leading to full instance compromise.

xwiki rce velocity scripting CVE-2026-33229

2r 2t Apr 8, 2026