The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
- Users with just edit right can enforce required rights with programming right (GHSA-rhfv-688c-p6hp), published May 21, 2025 by michitux. Severity: Moderate
- Privilege escalation through link refactoring (GHSA-jm43-hrq7-r7w6), published Jun 13, 2025 by surli. Severity: High
- Required right warnings for macros are incomplete (GHSA-c32m-27pj-4xcj), published Jun 13, 2025 by michitux. Severity: High
- Title of inaccessible pages available through the class property values REST API (GHSA-mvp5-qx9c-c3fv), published Jun 13, 2025 by michitux. Severity: High
- Remote code execution through default value of wiki macro wiki-type parameters (GHSA-9875-cw22-f7cx), published Jun 13, 2025 by michitux. Severity: High
- Privilege escalation (PR) through realtime WYSIWYG editing (GHSA-rmm7-r7wr-xpfg), published Jan 14, 2025 by mflorea. Severity: Critical
- Remote code execution through preview of XClass changes in AWM editor (GHSA-jp4x-w9cj-97q7), published Jun 13, 2025 by michitux. Severity: High
- No warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right (GHSA-ff6v-w58f-v97w), published Jun 13, 2025 by michitux. Severity: Moderate
- SQL injection in query endpoint of REST API with Oracle (GHSA-prwh-7838-xf82), published Jun 12, 2025 by tmortagne. Severity: Critical
- No required right warnings for notification displayer objects (GHSA-j7p2-87q3-44w7), published Jun 13, 2025 by michitux. Severity: Moderate