The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
- Data leak through deleted and re-created documents (GHSA-gh64-qxh5-4m33), published Oct 25, 2023 by michitux. Severity: Moderate
- Obfuscated email addresses should not be sorted (GHSA-g9w4-prf3-m25g), published Jul 27, 2023 by surli. Severity: Moderate
- Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet (GHSA-v2rr-xw95-wcjx), published Oct 25, 2023 by michitux. Severity: Critical
- CSRF privilege escalation/RCE via the edit action (GHSA-hgpw-6p4h-j6h5), published Nov 7, 2023 by tmortagne. Severity: Critical
- Cross-site request forgery (CSRF) via the REST API (GHSA-6xxr-648m-gch6), published Jul 10, 2023 by michitux. Severity: Critical
- Upgrading doesn't prevent exploiting vulnerable XWiki documents (GHSA-8q9q-r9v2-644m), published Jun 29, 2023 by michitux. Severity: Critical
- Arbitrary server side file writing from account through office converter (GHSA-vcvr-v426-3m3m), published Oct 25, 2023 by michitux. Severity: Critical
- Velocity execution without script right through tree macro (GHSA-p5f8-qf24-24cj), published Dec 19, 2023 by tmortagne. Severity: High
- Privilege escalation from script right to programming right through title displayer (GHSA-rmxw-c48h-2vf5), published Nov 7, 2023 by tmortagne. Severity: Critical
- Privilege escalation/RCE via the edit action (GHSA-g2qq-c5j9-5w5w), published Nov 7, 2023 by tmortagne. Severity: Critical
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database