XWiki security policy is detailed on the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
Security
SECURITY.md
-
Stored XSS via any wiki document and the displaycontent/rendercontent templateGHSA-fp7h-f9f5-x4q7 published
Jun 20, 2023 by michituxCritical -
Email addresses are shown in clear in REST resultsGHSA-8g9c-c9cm-9c56 published
Jun 20, 2023 by manuelleducHigh -
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in icon themesGHSA-fm68-j7ww-h9xf published
Jun 29, 2023 by michituxCritical -
Persistent XSS through CKEditor Configuration pagesGHSA-793w-g325-hrw2 published
Jun 30, 2023 by manuelleducCritical -
SXSS in the user profile via the timezone displayerGHSA-h8cm-3v5f-rgp6 published
Aug 21, 2023 by mfloreaCritical -
RXSS via back and xcontinue parameters in resubmit templateGHSA-r8xc-xxh3-q5x3 published
Jun 22, 2023 by surliCritical -
RXSS via xredirect parameter in DeleteApplication pageGHSA-4xm7-5q79-3fch published
Jun 22, 2023 by surliCritical -
RXSS via xredirect parameter in delete templateGHSA-834c-x29c-f42c published
Jun 22, 2023 by surliCritical -
RXSS via xredirect parameter in deletespace templateGHSA-x234-mg7q-m8g8 published
Jun 22, 2023 by surliCritical -
RXSS via xcontinue parameter in previewactions templateGHSA-q9hg-9qj2-mxf9 published
Jun 20, 2023 by tmortagneCritical
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database