The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
- Required right warnings for macros are incomplete (GHSA-c32m-27pj-4xcj), published Jun 13, 2025 by michitux. Severity: High
- Title of inaccessible pages available through the class property values REST API (GHSA-mvp5-qx9c-c3fv), published Jun 13, 2025 by michitux. Severity: High
- Remote code execution through default value of wiki macro wiki-type parameters (GHSA-9875-cw22-f7cx), published Jun 13, 2025 by michitux. Severity: High
- Privilege escalation (PR) through realtime WYSIWYG editing (GHSA-rmm7-r7wr-xpfg), published Jan 14, 2025 by mflorea. Severity: Critical
- Remote code execution through preview of XClass changes in AWM editor (GHSA-jp4x-w9cj-97q7), published Jun 13, 2025 by michitux. Severity: High
- No warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right (GHSA-ff6v-w58f-v97w), published Jun 13, 2025 by michitux. Severity: Moderate
- SQL injection in query endpoint of REST API with Oracle (GHSA-prwh-7838-xf82), published Jun 12, 2025 by tmortagne. Severity: Critical
- No required right warnings for notification displayer objects (GHSA-j7p2-87q3-44w7), published Jun 13, 2025 by michitux. Severity: Moderate
- No required right warnings for XClass definitions (GHSA-59w6-r9hm-439h), published Jun 13, 2025 by michitux. Severity: High
- SQL injection in getdocuments.vm with sort parameter (GHSA-wh34-m772-5398), published Dec 12, 2024 by manuelleduc. Severity: Critical