XWiki security policy is detailed on the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
Security
SECURITY.md
-
Remote code execution from account via SearchSuggestSourceSheetGHSA-34fj-r5gq-7395 published
Apr 10, 2024 by surliCritical -
Remote code execution as guest via DatabaseSearchGHSA-2858-8cfx-69m9 published
Apr 10, 2024 by surliCritical -
Remote code execution through space title and Solr space facetGHSA-xm4h-3jxr-m3c6 published
Apr 10, 2024 by surliCritical -
Remote code execution from account via custom skins supportGHSA-cv55-v6rw-7r5v published
Apr 10, 2024 by surliCritical -
Remote code execution from edit in multilingual wikis via translationsGHSA-xxp2-9c9g-7wmj published
Apr 10, 2024 by surliCritical -
Privilege escalation (PR) from user registration through PDFClassGHSA-vxwr-wpjv-qjq7 published
Apr 10, 2024 by surliCritical -
Password hash might be leaked by diff once the xobject holding them is deletedGHSA-v782-xr4w-3vqx published
Apr 10, 2024 by surliModerate -
Remote code execution from account through UIExtension parametersGHSA-c2gg-4gq4-jv5j published
Apr 10, 2024 by michituxCritical -
CSRF remote code execution through the realtime HTML Converter APIGHSA-r5vh-gc3r-r24w published
Apr 10, 2024 by surliCritical -
CSRF remote code execution through scheduler job's document referenceGHSA-37m4-hqxv-w26g published
Apr 10, 2024 by surliCritical
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database