The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
- Privilege escalation (PR) from view right on XWiki.ClassSheet (GHSA-mjw9-3f9f-jq2w), published Apr 18, 2023 by tmortagne. Severity: Critical
- Privilege escalation (PR) from account/view through VFS Tree macro (GHSA-p67q-h88v-5jgr), published Apr 18, 2023 by tmortagne. Severity: Critical
- Tags on non-viewable pages can be revealed to users (GHSA-7f2f-pcv3-j2r7), published Jun 20, 2023 by manuelleduc. Severity: Moderate
- It's possible to break many translations of a wiki (GHSA-9jq5-xwqw-q8j3), published Apr 18, 2023 by tmortagne. Severity: Moderate
- Privilege escalation (PR) from view right using Invitation.InvitationCommon (GHSA-px54-3w5j-qjg9), published Apr 18, 2023 by tmortagne. Severity: Critical
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-attachment-ui (GHSA-3hjg-cghv-22ww), published Apr 18, 2023 by tmortagne. Severity: Critical
- Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer (GHSA-m3c3-9qj7-7xmx), published Apr 18, 2023 by tmortagne. Severity: High
- Privilege escalation (PR) from view right on XWiki.AttachmentSelector (GHSA-3989-4c6x-725f), published Apr 18, 2023 by tmortagne. Severity: Critical
- Creating an App Within Minutes app grants space admin rights and thus allows cross-site scripting (XSS) (GHSA-44h9-xxvx-pg6x), published Apr 18, 2023 by tmortagne. Severity: High
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in template provider administration (GHSA-9j36-3cp4-rh4j), published Apr 18, 2023 by tmortagne. Severity: Critical
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database