Security

SECURITY.md

Security Policy

XWiki security policy is detailed on the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro
GHSA-9pc2-x9qf-7j2q published Apr 12, 2023 by tmortagne

Critical
Data leak through deleted documents
GHSA-4f8g-fq6x-jqrr published Apr 12, 2023 by tmortagne

High
Privilege escalation (PR) via async macro and IconThemeSheet from the user profile
GHSA-vwr6-qp4q-2wj7 published Mar 1, 2023 by tmortagne

Critical
Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro
GHSA-6vgh-9r3c-2cxp published Apr 12, 2023 by tmortagne

High
It's possible to execute anything with superadmin right through comments and async macro
GHSA-9cqm-5wf7-wcj7 published Mar 1, 2023 by tmortagne

Critical
Stored XSS via the HTML displayer in Live Data
GHSA-32fq-m2q5-h83g published Mar 1, 2023 by manuelleduc

High
Improper Handling of Exceptional Conditions in org.xwiki.platform:xwiki-platform-rendering-parser
GHSA-52vf-hvv3-98h7 published Mar 1, 2023 by manuelleduc

Moderate
Basic XSS by exploiting JSX or SSX plugins
GHSA-cmvg-w72j-7phx published Apr 12, 2023 by tmortagne

Critical
Exposed Dangerous Method or Function in org.xwiki.platform:xwiki-platform-store-filesystem-oldcore
GHSA-8692-g6g9-gm5p published Mar 1, 2023 by manuelleduc

Moderate
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-flamingo-theme-ui
GHSA-x2qm-r4wx-8gpg published Mar 1, 2023 by manuelleduc

Critical

Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Security

SECURITY.md

Security Policy

Uh oh!

Security: xwiki/xwiki-platform

Security

SECURITY.md

Security Policy