SecAlerts
CVE ListPricingSign Up
xwiki logo

xwiki

Security Risk Profile

61
/100
high

Security Risk Score

Comprehensive risk assessment based on 299 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from December 31, 2005 to present

299
Total CVEs
223
Critical+High
5
Exploited
17
Unpatched

Threat Assessment

Avg CVSS
8.2
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
17
Critical/High
Risk Level
61/100
high
⚠️ 5 Active Exploits 1 Zero-Days🆕 2Fresh (<7d)📈 4 in Last 30 Days

Severity Distribution

Critical
148
High
75
Medium
70
Low
3

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
45

Age Distribution

Common Weaknesses (CWE)

1
XSS
68
2
Code Injection
44
3
CSRF
18
4
Infoleak
13
5
SQL Injection
9

Most Affected Products

1. XWiki xwiki815
2. maven/org.xwiki.platform:xwiki-platform-oldcore73
3. maven/org.xwiki.platform:xwiki-platform-web-templates31
4. maven/org.xwiki.platform:xwiki-platform-rest-server25
5. XWiki commons21

Recent Vulnerabilities

See more →
CVE-2026-33137
CVSS 9.3critical

XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}

5/20/2026🔧 No Patch
CVE-2026-23734
CVSS 9.3critical

XWiki Platform: Path traversal via resources parameter in ssx and jsx endpoints when using leading slash

5/20/2026🔧 No Patch
CVE-2026-42140
CVSS 4.4medium

Server-Side Request Forgery (SSRF) in PlantUML Macro via 'server' parameter

5/4/2026
CVE-2025-51846
CVSS 8.7high

CryptPad unbounded WebSocket frame flood

4/30/2026
CVE-2026-40104
CVSS 6.9medium

XWiki's REST APIs can list all pages/spaces, leading to unavailability

4/14/2026
CVE-2026-40105
CVSS 6.5medium

XWiki has Reflected Cross-Site Scripting (XSS) in its page history compare functionality

4/14/2026
CVE-2026-33229
CVSS 8.6high

XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API

4/8/2026
CVE-2025-66024
CVSS 8.6high

XWiki Blog Application home page vulnerable to Stored XSS via Post Title

3/4/2026
CVE-2026-26000
CVSS 6.1EPSS 0%medium

XWiki Platform affected by click-jacking through CSS injection in comments

2/12/2026
CVE-2026-24128
CVSS 6.5EPSS 0%medium

XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages

1/23/2026

Monitor xwiki in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.