The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
- Unprivileged users can make arbitrary select queries using DatabaseListProperty and suggest.vm (GHSA-vpx4-7rfp-h545), published Mar 1, 2023 by tmortagne. Severity: Moderate
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-panels-ui (IncludedDocuments) (GHSA-qx9h-c5v6-ghqh), published Apr 12, 2023 by tmortagne. Severity: Critical
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-logging-ui (GHSA-4655-wh7v-3vmg), published Apr 12, 2023 by tmortagne. Severity: Critical
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-panels-ui (IncludedPagesDocumentInformation) (GHSA-c5f4-p5wv-2475), published Apr 12, 2023 by tmortagne. Severity: Critical
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki (GHSA-w7v9-fc49-4qg4), published Apr 12, 2023 by tmortagne. Severity: Critical
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-panels-ui (GHSA-qxjg-jhgw-qhrv), published Mar 7, 2023 by vmassol. Severity: Critical
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-notifications-ui (GHSA-p9mj-v5mf-m82x), published Apr 12, 2023 by tmortagne. Severity: Critical
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro (GHSA-9pc2-x9qf-7j2q), published Apr 12, 2023 by tmortagne. Severity: Critical
- Data leak through deleted documents (GHSA-4f8g-fq6x-jqrr), published Apr 12, 2023 by tmortagne. Severity: High
- Privilege escalation (PR) via async macro and IconThemeSheet from the user profile (GHSA-vwr6-qp4q-2wj7), published Mar 1, 2023 by tmortagne. Severity: Critical
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database