The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
- Saving a document with a large object number leads to persistent OOM errors (GHSA-92wp-r7hm-42g7), published Mar 1, 2023 by tmortagne. Severity: Moderate
- XSS in wiki manager join wiki page (GHSA-ph5x-h23x-7q5q), published May 25, 2022 by surli. Severity: High
- XSS in Filter Stream Converter Application (GHSA-xjfw-5vv5-vjq2), published May 31, 2022 by surli. Severity: High
- XSS in the Flamingo theme manager (GHSA-vmhh-xh3g-j992), published May 25, 2022 by surli. Severity: Moderate
- XSS in registration template (GHSA-gx6h-936c-vrrr), published Feb 9, 2022 by tmortagne. Severity: High
- Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx (GHSA-ghcq-472w-vf4h), published Apr 8, 2022 by surli. Severity: Moderate
- Unauthenticated user can list hidden document from multiple velocity templates (GHSA-qpp2-2mcp-2wm5), published Apr 8, 2022 by surli. Severity: Moderate
- Unauthenticated user can retrieve the list of users through uorgsuggest.vm (GHSA-97jg-43c9-q6pf), published Apr 8, 2022 by surli. Severity: Moderate
- It's possible to read any file from the WAR with just SCRIPT right through $xwiki.invokeServletAndReturnAsString (GHSA-2jhm-qp48-hv5j), published Feb 9, 2022 by tmortagne. Severity: Moderate
- It's possible to save pretty much anything anywhere by creating and using an SSX/JSX containing "../" in its reference (GHSA-7ph6-5cmq-xgjq), published Feb 9, 2022 by tmortagne. Severity: High