The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
- CSRF in the job scheduler (GHSA-j2r6-r929-v6gf), published Apr 10, 2024 by surli. Severity: Moderate
- Denial of Service attack through attachments (GHSA-8959-rfxh-r4j4), published Jan 8, 2024 by tmortagne. Severity: High
- Remote Code Execution Vulnerability via User Registration (GHSA-rj7p-xjv7-7229), published Jan 8, 2024 by michitux. Severity: Critical
- No right protection on rollback action (GHSA-xh35-w7wg-95v3), published Jan 8, 2024 by surli. Severity: High
- Solr search discloses password hashes of all users (GHSA-p6cp-6r35-32mh), published Dec 15, 2023 by michitux. Severity: High
- RCE from account through SearchAdmin (GHSA-7654-vfh6-rw6x), published Dec 15, 2023 by michitux. Severity: Critical
- Solr search discloses email addresses of users (GHSA-2grh-gr37-2283), published Dec 15, 2023 by michitux. Severity: Moderate
- XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass (GHSA-cp3j-273x-3jxc), published Dec 15, 2023 by michitux. Severity: Critical
- Remote code execution/programming rights with configuration section from any user account (GHSA-qj86-p74r-7wp5), published Dec 15, 2023 by michitux. Severity: Critical
- Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service (GHSA-7fqr-97j7-jgf4), published Nov 20, 2023 by michitux. Severity: High