XWiki security policy is detailed on the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
Security
SECURITY.md
-
Unauthorized User Registration Through the Distribution Wizard in org.xwiki.platform:xwiki-platform-web-templatesGHSA-h5j3-5x63-p8jv published
Sep 8, 2022 by surliHigh -
Authentication Bypass Using the Login Action in org.xwiki.platform:xwiki-platform-oldcoreGHSA-8h89-34w2-jpfm published
Sep 8, 2022 by surliHigh -
Missing Authorization and Exposure of Private Personal Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-web-templatesGHSA-599v-w48h-rjrm published
Sep 8, 2022 by surliHigh -
Improper Authorization check for inactive users in org.xwiki.platform:xwiki-platform-oldcoreGHSA-jgc8-gvcx-9vfx published
Sep 8, 2022 by surliHigh -
It's possible to overwrite the security rules of a page with a final page having the same referenceGHSA-gg53-wf5x-r3r6 published
Sep 7, 2022 by surliHigh -
Improper Privilege Management in XWiki resolving groups in XWiki.WebHomeGHSA-g4h6-qp44-wqvx published
Sep 7, 2022 by surliHigh -
It's possible to access a classloader file out of the "templates/" prefix through template managerGHSA-9qrp-h7fw-42hg published
May 25, 2022 by surliLow -
Saving a document with a large object number leads to persistent OOM errorsGHSA-92wp-r7hm-42g7 published
Mar 1, 2023 by tmortagneModerate -
XSS in wiki manager join wiki pageGHSA-ph5x-h23x-7q5q published
May 25, 2022 by surliHigh -
XSS in Filter Stream Converter ApplicationGHSA-xjfw-5vv5-vjq2 published
May 31, 2022 by surliHigh
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database