XWiki security policy is detailed on the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
Security
SECURITY.md
-
RXSS via xredirect parameter in deletespace templateGHSA-x234-mg7q-m8g8 published
Jun 22, 2023 by surliCritical -
RXSS via xcontinue parameter in previewactions templateGHSA-q9hg-9qj2-mxf9 published
Jun 20, 2023 by tmortagneCritical -
Privilege escalation (PR) from account through TipsPanelGHSA-h7cw-44vp-jq7h published
Jun 20, 2023 by tmortagneCritical -
URL Redirection to Untrusted Site ('Open Redirect')GHSA-6gvj-8vc5-8v3j published
May 15, 2023 by surliModerate -
Mail.MailConfig can be edited by any user with edit rightsGHSA-g75c-cjr6-39mc published
Jun 20, 2023 by manuelleducCritical -
SXSS in ClassEditSheet page via name parametersGHSA-4wc6-hqv9-qc97 published
Jun 20, 2023 by manuelleducCritical -
RXSS via editor parameter - importinline templateGHSA-j9h5-vcgv-2jfm published
May 9, 2023 by tmortagneCritical -
Privilege escalation (PR)/RCE from account through class sheetGHSA-36fm-j33w-c25f published
May 9, 2023 by tmortagneCritical -
RXSS via xredirect parameter in restore templateGHSA-mwxj-g7fw-7hc8 published
Jun 22, 2023 by surliCritical -
RXSS in target parameter via share page by emailGHSA-fwwj-wg89-7h4c published
Jun 20, 2023 by manuelleducHigh
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database