Security

SECURITY.md

Security Policy

XWiki security policy is detailed on the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.

Tags on non-viewable pages can be releave to users
GHSA-7f2f-pcv3-j2r7 published Jun 20, 2023 by manuelleduc

Moderate
It's possible to break many translations of a wiki
GHSA-9jq5-xwqw-q8j3 published Apr 18, 2023 by tmortagne

Moderate
Privilege escalation (PR) from view right using Invitation.InvitationCommon
GHSA-px54-3w5j-qjg9 published Apr 18, 2023 by tmortagne

Critical
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-attachment-ui
GHSA-3hjg-cghv-22ww published Apr 18, 2023 by tmortagne

Critical
Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer
GHSA-m3c3-9qj7-7xmx published Apr 18, 2023 by tmortagne

High
Privilege escalation (PR) from view right on XWiki.AttachmentSelector
GHSA-3989-4c6x-725f published Apr 18, 2023 by tmortagne

Critical
Creating an App Within Minutes app grants space admin rights and thus allows cross-site scripting (XSS)
GHSA-44h9-xxvx-pg6x published Apr 18, 2023 by tmortagne

High
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in template provider administration
GHSA-9j36-3cp4-rh4j published Apr 18, 2023 by tmortagne

Critical
Users can be created even when registration is disabled without validation via the template macro
GHSA-fp36-mjw5-fmgx published Apr 18, 2023 by tmortagne

Moderate
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-web-templates
GHSA-hg5x-3w3x-7g96 published Apr 18, 2023 by tmortagne

Critical

Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security

SECURITY.md

Security Policy

Security: xwiki/xwiki-platform

Security

SECURITY.md

Security Policy