The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/
Security: xwiki/xwiki-platform
- Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm (GHSA-vvp7-r422-rx83, published Apr 12, 2023 by tmortagne). Severity: Low
- Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui, org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki (GHSA-5cf8-vrr8-8hjm, published Mar 1, 2023 by manuelleduc). Severity: High
- Exposure of Private Personal Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-rest-server (GHSA-p88w-fhxw-xvcc, published Nov 21, 2022 by surli). Severity: Moderate
- Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui (GHSA-p2x4-6ghr-6vmq, published Nov 21, 2022 by surli). Severity: Moderate
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in org.xwiki.platform:xwiki-platform-rendering-macro-rss (GHSA-c885-89fw-55qr, published Apr 12, 2023 by tmortagne). Severity: Critical
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui (GHSA-6w8h-26xx-cf8q, published Nov 21, 2022 by surli). Severity: Critical
- Missing Authorization in Filter Stream Converter Application (GHSA-q6jp-gcww-8v2j, published Nov 21, 2022 by surli). Severity: Critical
- Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default (GHSA-q2hm-2h45-v5g3, published Nov 21, 2022 by surli). Severity: Moderate
- Creation of new database tables through login form on PostgreSQL (GHSA-4x5r-6v26-7j4v, published Nov 21, 2022 by surli). Severity: High
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui (GHSA-5j7g-cf6r-g2h7, published Nov 21, 2022 by surli). Severity: Critical
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database