The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
- Privilege escalation (PR) through realtime WYSIWYG editing. GHSA-rmm7-r7wr-xpfg, published Jan 14, 2025 by mflorea. Severity: Critical
- SQL injection in getdocuments.vm with sort parameter. GHSA-wh34-m772-5398, published Dec 12, 2024 by manuelleduc. Severity: Critical
- SQL injection in short form select requests through the script query API. GHSA-g9jj-75mx-wjcx, published Apr 23, 2025 by tmortagne. Severity: High
- SQL injection in query endpoint of REST API. GHSA-f69v-xrj8-rhxf, published Apr 23, 2025 by tmortagne. Severity: Critical
- The WikiManager REST API allows any user to create wikis. GHSA-gfp2-6qhm-7x43, published Mar 19, 2025 by surli. Severity: High
- Wrong wiki reference used in AuthorizationManager. GHSA-gq32-758c-3wm3, published Mar 19, 2025 by surli. Severity: High
- Unregistered users can access private pages information through REST endpoint. GHSA-22q5-9phm-744v, published Mar 19, 2025 by surli. Severity: High
- Unregistered users can see "public" messages from a closed wiki via notifications from a different wiki. GHSA-42fh-pvvh-999x, published Apr 16, 2025 by surli. Severity: Moderate
- Remote code execution as guest via SolrSearchMacros request. GHSA-rr6p-3pfg-562j, published Feb 20, 2025 by michitux. Severity: Critical
- Remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList. GHSA-2r87-74cx-2p7c, published Dec 12, 2024 by manuelleduc. Severity: Critical
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database