XWiki security policy is detailed on the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
Security
SECURITY.md
-
Improper Authorization check for inactive users in org.xwiki.platform:xwiki-platform-oldcoreGHSA-jgc8-gvcx-9vfx published
Sep 8, 2022 by surliHigh -
It's possible to overwrite the security rules of a page with a final page having the same referenceGHSA-gg53-wf5x-r3r6 published
Sep 7, 2022 by surliHigh -
Improper Privilege Management in XWiki resolving groups in XWiki.WebHomeGHSA-g4h6-qp44-wqvx published
Sep 7, 2022 by surliHigh -
It's possible to access a classloader file out of the "templates/" prefix through template managerGHSA-9qrp-h7fw-42hg published
May 25, 2022 by surliLow -
Saving a document with a large object number leads to persistent OOM errorsGHSA-92wp-r7hm-42g7 published
Mar 1, 2023 by tmortagneModerate -
XSS in wiki manager join wiki pageGHSA-ph5x-h23x-7q5q published
May 25, 2022 by surliHigh -
XSS in Filter Stream Converter ApplicationGHSA-xjfw-5vv5-vjq2 published
May 31, 2022 by surliHigh -
XSS in the Flamingo theme managerGHSA-vmhh-xh3g-j992 published
May 25, 2022 by surliModerate -
XSS in registration templateGHSA-gx6h-936c-vrrr published
Feb 9, 2022 by tmortagneHigh -
Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinxGHSA-ghcq-472w-vf4h published
Apr 8, 2022 by surliModerate
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database