The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
- Missing Authorization on Attachment Move in org.xwiki.platform:xwiki-platform-attachment-api (GHSA-rwwx-6572-mp29), published Oct 25, 2023 by michitux. Severity: High
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-skin-ui (GHSA-h4vp-69r8-gvjg), published Jul 14, 2023 by michitux. Severity: Critical
- Privilege escalation (PR)/RCE from account through AWM view sheet (GHSA-jgrg-qvpp-9vwr), published Apr 18, 2023 by tmortagne. Severity: Critical
- Retrieve email addresses of all users (GHSA-7vr7-cghh-ch63), published Jun 20, 2023 by manuelleduc. Severity: High
- Async and display macro allow displaying and interacting with any document in restricted mode (GHSA-gpq5-7p34-vqx5), published Apr 18, 2023 by tmortagne. Severity: Critical
- Privilege escalation (PR) from view right on XWiki.Notifications.Code.LegacyNotificationAdministration (GHSA-jgg7-w2rj-58cj), published Apr 18, 2023 by tmortagne. Severity: Critical
- Privilege escalation (PR) from account through XWiki.SchedulerJobSheet (GHSA-fc42-5w56-qw7h), published Apr 18, 2023 by tmortagne. Severity: Critical
- Privilege escalation (PR) from view right via Invitation application (GHSA-6mf5-36v9-3h2w), published Jun 20, 2023 by manuelleduc. Severity: Critical
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in display method used in user profiles (GHSA-x764-ff8r-9hpx), published Apr 18, 2023 by tmortagne. Severity: Critical
- Privilege escalation (PR) from view right on XWiki.ClassSheet (GHSA-mjw9-3f9f-jq2w), published Apr 18, 2023 by tmortagne. Severity: Critical
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database