XWiki security policy is detailed on the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
Security
SECURITY.md
-
Privilege escalation (PR)/RCE from account through AWM view sheetGHSA-jgrg-qvpp-9vwr published
Apr 18, 2023 by tmortagneCritical -
Retrieve email addresses of all usersGHSA-7vr7-cghh-ch63 published
Jun 20, 2023 by manuelleducHigh -
Async and display macro allow displaying and interacting with any document in restricted modeGHSA-gpq5-7p34-vqx5 published
Apr 18, 2023 by tmortagneCritical -
Privilege escalation (PR) from view right on XWiki.Notifications.Code.LegacyNotificationAdministrationGHSA-jgg7-w2rj-58cj published
Apr 18, 2023 by tmortagneCritical -
Privilege escalation (PR) from account through XWiki.SchedulerJobSheetGHSA-fc42-5w56-qw7h published
Apr 18, 2023 by tmortagneCritical -
Privilege escalation (PR) from view right via Invitation applicationGHSA-6mf5-36v9-3h2w published
Jun 20, 2023 by manuelleducCritical -
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in display method used in user profilesGHSA-x764-ff8r-9hpx published
Apr 18, 2023 by tmortagneCritical -
Privilege escalation (PR) from view right on XWiki.ClassSheetGHSA-mjw9-3f9f-jq2w published
Apr 18, 2023 by tmortagneCritical -
Privilege escalation (PR) from account/view through VFS Tree macroGHSA-p67q-h88v-5jgr published
Apr 18, 2023 by tmortagneCritical -
Tags on non-viewable pages can be releave to usersGHSA-7f2f-pcv3-j2r7 published
Jun 20, 2023 by manuelleducModerate
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database