The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
- Upgrading doesn't prevent exploiting vulnerable XWiki documents (GHSA-8q9q-r9v2-644m), published Jun 29, 2023 by michitux. Severity: Critical
- Arbitrary server side file writing from account through office converter (GHSA-vcvr-v426-3m3m), published Oct 25, 2023 by michitux. Severity: Critical
- Velocity execution without script right through tree macro (GHSA-p5f8-qf24-24cj), published Dec 19, 2023 by tmortagne. Severity: High
- Privilege escalation from script right to programming right through title displayer (GHSA-rmxw-c48h-2vf5), published Nov 7, 2023 by tmortagne. Severity: Critical
- Privilege escalation/RCE via the edit action (GHSA-g2qq-c5j9-5w5w), published Nov 7, 2023 by tmortagne. Severity: Critical
- Privilege escalation (PR) from account through NotificationRSSService (GHSA-94pf-92hw-2hjc), published Jun 29, 2023 by michitux. Severity: Critical
- Privilege escalation (PR) from account through AWM content fields (GHSA-5mf8-v43w-mfxp), published Aug 21, 2023 by mflorea. Severity: Critical
- Privilege escalation (PR)/RCE from account through Invitation subject/message (GHSA-7954-6m9q-gpvf), published Aug 17, 2023 by manuelleduc. Severity: Critical
- Privilege escalation (PR) from account through like LiveTableResults (GHSA-rf8j-q39g-7xfm), published Jun 20, 2023 by manuelleduc. Severity: Critical
- RXSS via delattachment action (GHSA-phwm-87rg-27qq), published Jun 22, 2023 by surli. Severity: High
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database