XWiki security policy is detailed on the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
Security
SECURITY.md
-
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-wiki-ui-mainwikiGHSA-xr6m-2p4m-jvqf published
Sep 8, 2022 by surliCritical -
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in org.xwiki.platform:xwiki-platform-mentions-uiGHSA-c5v8-2q4r-5w9v published
Sep 8, 2022 by surliCritical -
XSS in the move attachment formGHSA-9r9j-57rf-f6vj published
Sep 8, 2022 by surliHigh -
Crypto script service uses hashing algorithm SHA1 with RSA for certificate signatureGHSA-h8v5-p258-pqf4 published
May 5, 2022 by surliModerate -
XSS in the deleted attachments listGHSA-gjmq-x5x7-wc36 published
Sep 8, 2022 by surliHigh -
Cross-Site Request Forgery (CSRF) for actions on tags in XWikiGHSA-fxwr-4vq9-9vhj published
Sep 8, 2022 by surliModerate -
XSS in the attachment historyGHSA-mxf2-4r22-5hq9 published
Sep 8, 2022 by surliHigh -
Unauthorized User Registration Through the Distribution Wizard in org.xwiki.platform:xwiki-platform-web-templatesGHSA-h5j3-5x63-p8jv published
Sep 8, 2022 by surliHigh -
Authentication Bypass Using the Login Action in org.xwiki.platform:xwiki-platform-oldcoreGHSA-8h89-34w2-jpfm published
Sep 8, 2022 by surliHigh -
Missing Authorization and Exposure of Private Personal Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-web-templatesGHSA-599v-w48h-rjrm published
Sep 8, 2022 by surliHigh
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database