CRITICAL9.9CVE-2023-29525XWiki Platform vulnerable to privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration
>= 12.6.1, < 13.10.11
CRITICAL9.0CVE-2023-32071XWiki Platform vulnerable to RXSS via editor parameter - importinline template
>= 2.2-milestone-1, < 14.4.8
HIGH7.5CVE-2024-21651XWiki vulnerable to Denial of Service attack through attachments
>= 14.10, < 14.10.18
—XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter
>= 9.4-rc-1, < 16.10.6
—XWiki Platform has an SQL injection in getdocuments.vm with sort parameter