pkg:Maven/org.xwiki.platform:xwiki-platform-rest-server

11 CVEs in total: CRITICAL 2, HIGH 1, MEDIUM 3

All known vulnerabilities

  • CRITICAL 9.8, CVE-2025-32969: org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API
    >= 1.8, < 15.10.16
  • CRITICAL 9.6, CVE-2023-37277: XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API
    >= 1.8, < 14.10.8
  • HIGH 7.5, CVE-2023-35151: XWiki Platform may show email addresses in clear in REST results
    >= 7.3-milestone-1, < 14.4.8
  • MEDIUM 5.3, CVE-2025-46554: XWiki missing authorization when accessing the wiki level attachments list and metadata via REST API
    >= 1.8.1, < 14.10.22
  • MEDIUM 5.3, CVE-2024-45591: XWiki Platform document history including authors of any page exposed to unauthorized actors
    >= 1.8.0, < 15.10.9
  • MEDIUM 5.3, CVE-2022-41936: Exposure of Private Personal Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-rest-server
    >= 8.1, < 13.10.8
  • CVE-2026-33137: XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
    >= 15.10.6, < 16.10.17
  • CVE-2025-66473: XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis
    from 0, < 16.10.11
  • CVE-2025-52472: XWiki Platform is vulnerable to HQL injection via wiki and space search REST API
    >= 17.0.0-rc-1, < 17.4.2
  • CVE-2025-49584: XWiki makes title of inaccessible pages available through the class property values REST API
    >= 10.9, < 16.4.7
  • CVE-2025-29925: XWiki allows unregistered users to access private pages information through REST endpoint
    >= 1.9M1, < 15.10.14