The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
- Solr search discloses password hashes of all users (GHSA-p6cp-6r35-32mh): published Dec 15, 2023 by michitux. Severity: High.
- RCE from account through SearchAdmin (GHSA-7654-vfh6-rw6x): published Dec 15, 2023 by michitux. Severity: Critical.
- Solr search discloses email addresses of users (GHSA-2grh-gr37-2283): published Dec 15, 2023 by michitux. Severity: Moderate.
- XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass (GHSA-cp3j-273x-3jxc): published Dec 15, 2023 by michitux. Severity: Critical.
- Remote code execution/programming rights with configuration section from any user account (GHSA-qj86-p74r-7wp5): published Dec 15, 2023 by michitux. Severity: Critical.
- Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service (GHSA-7fqr-97j7-jgf4): published Nov 20, 2023 by michitux. Severity: High.
- Remote code execution through the section parameter in Administration as guest (GHSA-62pr-qqf7-hh89): published Nov 6, 2023 by michitux. Severity: Critical.
- RXSS through revision parameter in content menu (GHSA-j9rc-w3wv-fv62): published Nov 6, 2023 by michitux. Severity: Critical.
- XSS from account in the create page form via template provider (GHSA-gr82-8fj2-ggc3): published Oct 25, 2023 by michitux. Severity: Critical.
- XSS with edit right in the create document form for existing pages (GHSA-93gh-jgjj-r929): published Oct 25, 2023 by michitux. Severity: Critical.
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database