Security

SECURITY.md

Security Policy

XWiki security policy is detailed on the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.

Remote code execution from edit in multilingual wikis via translations
GHSA-xxp2-9c9g-7wmj published Apr 10, 2024 by surli

Critical
Privilege escalation (PR) from user registration through PDFClass
GHSA-vxwr-wpjv-qjq7 published Apr 10, 2024 by surli

Critical
Password hash might be leaked by diff once the xobject holding them is deleted
GHSA-v782-xr4w-3vqx published Apr 10, 2024 by surli

Moderate
Remote code execution from account through UIExtension parameters
GHSA-c2gg-4gq4-jv5j published Apr 10, 2024 by michitux

Critical
CSRF remote code execution through the realtime HTML Converter API
GHSA-r5vh-gc3r-r24w published Apr 10, 2024 by surli

Critical
CSRF remote code execution through scheduler job's document reference
GHSA-37m4-hqxv-w26g published Apr 10, 2024 by surli

Critical
CSRF in the job scheduler
GHSA-j2r6-r929-v6gf published Apr 10, 2024 by surli

Moderate
Denial of Service attack through attachments
GHSA-8959-rfxh-r4j4 published Jan 8, 2024 by tmortagne

High
Remote Code Execution Vulnerability via User Registration
GHSA-rj7p-xjv7-7229 published Jan 8, 2024 by michitux

Critical
No right protection on rollback action
GHSA-xh35-w7wg-95v3 published Jan 8, 2024 by surli

High

Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database