The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
- Remote code execution through the extension sheet (GHSA-j2pq-22jj-4pm5), published Dec 12, 2024 by manuelleduc. Severity: Critical
- Document history including authors of any page exposed to unauthorized actors (GHSA-pvmm-55r5-g3mm), published Sep 10, 2024 by michitux. Severity: Moderate
- XSS through conflict resolution (GHSA-692v-783f-mg8x), published Jul 31, 2024 by michitux. Severity: Critical
- RCE from script right in configurable sections (GHSA-r279-47wg-chpr), published Dec 12, 2024 by manuelleduc. Severity: Critical
- Scheduler in subwiki allows scheduling operations for any main wiki user (GHSA-cwq6-mjmx-47p6), published Dec 12, 2024 by manuelleduc. Severity: Moderate
- XSS through XClass name in string properties (GHSA-wcg9-pgqv-xm5v), published Aug 19, 2024 by surli. Severity: Critical
- Document deletion and overwrite from edit (GHSA-33gp-gmg3-hfpq), published Jul 31, 2024 by michitux. Severity: Moderate
- XSS through attachment filename in uploader (GHSA-wf3x-jccf-5g5g), published Jul 31, 2024 by michitux. Severity: Moderate
- Disabling a user account changes its author, allowing RCE from user account (GHSA-j584-j2vj-3f93), published Jun 20, 2024 by michitux. Severity: Critical
- Missing checks for notification filter preferences editions (GHSA-r95w-889q-x2gx), published Sep 18, 2024 by surli. Severity: Moderate
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database