The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
- Privilege escalation (PR) through realtime WYSIWYG editing (GHSA-rmm7-r7wr-xpfg), published Jan 14, 2025 by mflorea. Severity: Critical
- SQL injection in getdocuments.vm with sort parameter (GHSA-wh34-m772-5398), published Dec 12, 2024 by manuelleduc. Severity: Critical
- The WikiManager REST API allows any user to create wikis (GHSA-gfp2-6qhm-7x43), published Mar 19, 2025 by surli. Severity: High
- Wrong wiki reference used in AuthorizationManager (GHSA-gq32-758c-3wm3), published Mar 19, 2025 by surli. Severity: High
- Unregistered users can access private pages information through REST endpoint (GHSA-22q5-9phm-744v), published Mar 19, 2025 by surli. Severity: High
- Remote code execution as guest via SolrSearchMacros request (GHSA-rr6p-3pfg-562j), published Feb 20, 2025 by michitux. Severity: Critical
- Remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList (GHSA-2r87-74cx-2p7c), published Dec 12, 2024 by manuelleduc. Severity: Critical
- Remote code execution through the extension sheet (GHSA-j2pq-22jj-4pm5), published Dec 12, 2024 by manuelleduc. Severity: Critical
- Document history including authors of any page exposed to unauthorized actors (GHSA-pvmm-55r5-g3mm), published Sep 10, 2024 by michitux. Severity: Moderate
- XSS through conflict resolution (GHSA-692v-783f-mg8x), published Jul 31, 2024 by michitux. Severity: Critical
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database