Security

SECURITY.md

Security Policy

XWiki security policy is detailed on the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.

Users can be created even when registration is disabled without validation via the template macro
GHSA-fp36-mjw5-fmgx published Apr 18, 2023 by tmortagne

Moderate
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-web-templates
GHSA-hg5x-3w3x-7g96 published Apr 18, 2023 by tmortagne

Critical
Privilege escalation (PR) from account/view through AdminFieldsDisplaySheet and admin.vm
GHSA-rfh6-mg6h-h668 published Apr 12, 2023 by manuelleduc

Critical
RCE via unescaped translations
GHSA-4v38-964c-xjmw published Apr 18, 2023 by tmortagne

Critical
Privilege escalation (PR) from account through FlamingoThemesCode.WebHomeSheet
GHSA-vrr8-fp7c-7qgp published Apr 12, 2023 by manuelleduc

Critical
RCE in Annotations
GHSA-h6f5-8jj5-cxhr published Mar 1, 2023 by tmortagne

Critical
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-flamingo-theme-ui
GHSA-f4v8-58f6-mwj4 published Apr 12, 2023 by manuelleduc

Critical
Privilege escalation via properties with wiki syntax that are executed with the wrong author
GHSA-3738-p9x3-mv9r published Mar 1, 2023 by tmortagne

Critical
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in org.xwiki.platform:xwiki-platform-livedata-macro
GHSA-hmm7-6ph9-8jf2 published Apr 12, 2023 by tmortagne

High
Incorrect Use of Privileged APIs in org.xwiki.platform:xwiki-platform-oldcore with DocumentAuthors
GHSA-pwfv-3cvg-9m4c published Apr 12, 2023 by tmortagne

Critical

Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Security

SECURITY.md

Security Policy

Uh oh!

Security: xwiki/xwiki-platform

Security

SECURITY.md

Security Policy