org.xwiki.platform:xwiki-platform-oldcore (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.xwiki.platform:xwiki-platform-oldcore, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (45)
CVE-2023-26474 — CVSS 9.9 (critical): XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author…
CVE-2024-31987 — CVSS 9.9 (critical): XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any…
CVE-2023-29526 — CVSS 9.9 (critical): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible…
CVE-2023-29523 — CVSS 9.9 (critical): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own…
CVE-2024-31981 — CVSS 9.9 (critical): XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code…
CVE-2023-46243 — CVSS 9.9 (critical): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible…
CVE-2023-36468 — CVSS 9.9 (critical): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is…
CVE-2024-56158 — CVSS 9.8 (critical): XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using the function like DBMS_XMLGEN or DBMS_XMLQUERY…
CVE-2025-54385 — CVSS 9.8 (critical): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions between 17.0.0-rc1 to…
CVE-2026-33229 — CVSS 9.8 (critical): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an…
CVE-2023-46242 — CVSS 9.6 (critical): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible…
CVE-2021-29459 — CVSS 9.6 (critical): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently…
CVE-2023-29507 — CVSS 9.1 (critical): XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a…
CVE-2023-40572 — CVSS 9.0 (critical): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to…
CVE-2024-43400 — CVSS 9.0 (critical): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without…
CVE-2024-37899 — CVSS 9.0 (critical): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user…
CVE-2025-32968 — CVSS 8.8 (high): XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a…
CVE-2025-49586 — CVSS 8.8 (high): XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes application (the default…
CVE-2020-15252 — CVSS 8.5 (high): In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application…
CVE-2023-35157 — CVSS 8.4 (high): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to perform an XSS by…
CVE-2026-40104 — CVSS 8.2 (high): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and…
CVE-2022-31166 — CVSS 8.1 (high): XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Starting in versions 11.3.7, 11.0.3, and 12.0RC1, it…
CVE-2022-36090 — CVSS 8.1 (high): XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 13.1.0.5 and 14.3-rc-1, some…
CVE-2024-21648 — CVSS 8.0 (high): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a…
CVE-2023-29208 — CVSS 7.5 (high): XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken into…
CVE-2022-41932 — CVSS 7.5 (high): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create…
CVE-2022-36092 — CVSS 7.5 (high): XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights…
CVE-2024-31464 — CVSS 6.8 (medium): XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is…
CVE-2020-15171 — CVSS 6.6 (medium): In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application…
CVE-2006-7223 — CVSS 6.5 (medium): PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document…
CVE-2022-23617 — CVSS 6.5 (medium): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with…
CVE-2023-37911 — CVSS 6.5 (medium): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and…
CVE-2025-54124 — CVSS 6.5 (medium): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and…
CVE-2025-54125 — CVSS 6.5 (medium): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and…
CVE-2023-41046 — CVSS 6.3 (medium): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible in XWiki to execute…
CVE-2023-26470 — CVSS 5.7 (medium): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm…
CVE-2022-23621 — CVSS 5.5 (medium): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with…
CVE-2022-23615 — CVSS 5.4 (medium): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with…
CVE-2021-43841 — CVSS 5.4 (medium): XWiki is a generic wiki platform offering runtime services for applications built on top of it. When using default XWiki configuration…
CVE-2022-41929 — CVSS 4.9 (medium): org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized…
CVE-2023-32068 — CVSS 4.7 (medium): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 14.10.4 it's…
CVE-2023-29204 — CVSS 4.7 (medium): XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security…
CVE-2022-23618 — CVSS 4.7 (medium): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is no…
CVE-2024-37898 — CVSS 4.3 (medium): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit…
CVE-2022-29253 — CVSS 2.7 (low): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and…