The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
- Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore (GHSA-2gj2-vj98-j2qq), published Nov 21, 2022 by surli, severity Moderate
- Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui (GHSA-p5v9-g8w8-5q4v), published Nov 21, 2022 by surli, severity High
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml (GHSA-9hqh-fmhg-vq2j), published Nov 21, 2022 by surli, severity Critical
- Cross-Site Request Forgery (CSRF) allowing to delete or rename tags (GHSA-mq7h-5574-hw9f), published Nov 21, 2022 by surli, severity High
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-tag-ui (GHSA-2g5c-228j-p52x), published Sep 8, 2022 by surli, severity Critical
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-wiki-ui-mainwiki (GHSA-xr6m-2p4m-jvqf), published Sep 8, 2022 by surli, severity Critical
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in org.xwiki.platform:xwiki-platform-mentions-ui (GHSA-c5v8-2q4r-5w9v), published Sep 8, 2022 by surli, severity Critical
- XSS in the move attachment form (GHSA-9r9j-57rf-f6vj), published Sep 8, 2022 by surli, severity High
- Crypto script service uses hashing algorithm SHA1 with RSA for certificate signature (GHSA-h8v5-p258-pqf4), published May 5, 2022 by surli, severity Moderate
- XSS in the deleted attachments list (GHSA-gjmq-x5x7-wc36), published Sep 8, 2022 by surli, severity High
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database