The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
- Privilege escalation (PR) from account through NotificationRSSService (GHSA-94pf-92hw-2hjc), published Jun 29, 2023 by michitux. Severity: Critical
- Privilege escalation (PR) from account through AWM content fields (GHSA-5mf8-v43w-mfxp), published Aug 21, 2023 by mflorea. Severity: Critical
- Privilege escalation (PR)/RCE from account through Invitation subject/message (GHSA-7954-6m9q-gpvf), published Aug 17, 2023 by manuelleduc. Severity: Critical
- Privilege escalation (PR) from account through like LiveTableResults (GHSA-rf8j-q39g-7xfm), published Jun 20, 2023 by manuelleduc. Severity: Critical
- RXSS via delattachment action (GHSA-phwm-87rg-27qq), published Jun 22, 2023 by surli. Severity: High
- Stored XSS via any wiki document and the displaycontent/rendercontent template (GHSA-fp7h-f9f5-x4q7), published Jun 20, 2023 by michitux. Severity: Critical
- Email addresses are shown in clear in REST results (GHSA-8g9c-c9cm-9c56), published Jun 20, 2023 by manuelleduc. Severity: High
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in icon themes (GHSA-fm68-j7ww-h9xf), published Jun 29, 2023 by michitux. Severity: Critical
- Persistent XSS through CKEditor Configuration pages (GHSA-793w-g325-hrw2), published Jun 30, 2023 by manuelleduc. Severity: Critical
- SXSS in the user profile via the timezone displayer (GHSA-h8cm-3v5f-rgp6), published Aug 21, 2023 by mflorea. Severity: Critical