The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/
Security: xwiki/xwiki-platform
- Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro. GHSA-6vgh-9r3c-2cxp, published Apr 12, 2023 by tmortagne. Severity: High
- It's possible to execute anything with superadmin right through comments and async macro. GHSA-9cqm-5wf7-wcj7, published Mar 1, 2023 by tmortagne. Severity: Critical
- Stored XSS via the HTML displayer in Live Data. GHSA-32fq-m2q5-h83g, published Mar 1, 2023 by manuelleduc. Severity: High
- Improper Handling of Exceptional Conditions in org.xwiki.platform:xwiki-platform-rendering-parser. GHSA-52vf-hvv3-98h7, published Mar 1, 2023 by manuelleduc. Severity: Moderate
- Basic XSS by exploiting JSX or SSX plugins. GHSA-cmvg-w72j-7phx, published Apr 12, 2023 by tmortagne. Severity: Critical
- Exposed Dangerous Method or Function in org.xwiki.platform:xwiki-platform-store-filesystem-oldcore. GHSA-8692-g6g9-gm5p, published Mar 1, 2023 by manuelleduc. Severity: Moderate
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-flamingo-theme-ui. GHSA-x2qm-r4wx-8gpg, published Mar 1, 2023 by manuelleduc. Severity: Critical
- Macro execution as any user without programming rights through the context macro. GHSA-859x-p6jp-rc2w, published Mar 1, 2023 by tmortagne. Severity: Moderate
- Multiple instances of stored cross-site scripting (XSS) via HTML and raw macro. GHSA-vxf7-mx22-jr24, published Apr 12, 2023 by tmortagne. Severity: Critical
- URL Redirection to Untrusted Site ('Open Redirect') in org.xwiki.platform:xwiki-platform-oldcore. GHSA-xwph-x6xj-wggv, published Apr 12, 2023 by tmortagne. Severity: Moderate
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database