The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
- Disabling a user account changes its author, allowing RCE from user account (GHSA-j584-j2vj-3f93, published Jun 20, 2024 by michitux, Critical)
- Missing checks for notification filter preferences editions (GHSA-r95w-889q-x2gx, published Sep 18, 2024 by surli, Moderate)
- Data leak of notification filters of users (GHSA-pg4m-3gp6-hw4w, published Sep 18, 2024 by surli, Moderate)
- Payloads stored in content is executed when a user with script/programming right edit them with WYSIWYG editors (GHSA-f963-4cq8-2gw7, published Aug 19, 2024 by surli, Critical)
- Remote code execution from account via SearchSuggestConfigSheet (GHSA-h63h-5c77-77p5, published Jul 31, 2024 by michitux, Critical)
- Remote code execution from account via SearchSuggestSourceSheet (GHSA-34fj-r5gq-7395, published Apr 10, 2024 by surli, Critical)
- Remote code execution as guest via DatabaseSearch (GHSA-2858-8cfx-69m9, published Apr 10, 2024 by surli, Critical)
- Remote code execution through space title and Solr space facet (GHSA-xm4h-3jxr-m3c6, published Apr 10, 2024 by surli, Critical)
- Remote code execution from account via custom skins support (GHSA-cv55-v6rw-7r5v, published Apr 10, 2024 by surli, Critical)
- Remote code execution from edit in multilingual wikis via translations (GHSA-xxp2-9c9g-7wmj, published Apr 10, 2024 by surli, Critical)
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database