The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
- SQL injection in short form select requests through the script query API (GHSA-g9jj-75mx-wjcx), published Apr 23, 2025 by tmortagne. Severity: High
- SQL injection in query endpoint of REST API (GHSA-f69v-xrj8-rhxf), published Apr 23, 2025 by tmortagne. Severity: Critical
- The WikiManager REST API allows any user to create wikis (GHSA-gfp2-6qhm-7x43), published Mar 19, 2025 by surli. Severity: High
- Any user with view access to the XWiki space can change the authenticator (GHSA-f9c6-2f9p-82jj), published Apr 30, 2025 by tmortagne. Severity: High
- Wrong wiki reference used in AuthorizationManager (GHSA-gq32-758c-3wm3), published Mar 19, 2025 by surli. Severity: High
- Unregistered users can access private pages information through REST endpoint (GHSA-22q5-9phm-744v), published Mar 19, 2025 by surli. Severity: High
- Solr script service doesn't take dropped programming right into account (GHSA-987p-r3jc-8c8v), published Apr 29, 2025 by michitux. Severity: Low
- Unregistered users can see "public" messages from a closed wiki via notifications from a different wiki (GHSA-42fh-pvvh-999x), published Apr 16, 2025 by surli. Severity: Moderate
- URL Redirection to Untrusted Site ('Open Redirect') in org.xwiki.platform:xwiki-platform-wysiwyg-api (GHSA-pjhg-9wr9-rj96), published Apr 29, 2025 by michitux. Severity: Moderate
- The required rights analysis doesn't consider TextAreas with default content type (GHSA-mvgm-3rw2-7j4r), published Apr 29, 2025 by michitux. Severity: Critical