The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
- The lesscss script service allows cache clearing without programming right (GHSA-rp38-24m3-rx87), published Apr 29, 2025 by michitux. Severity: Low
- No warning when granting XWiki.ComponentClass programming right (GHSA-x7wv-5qg4-vmr6), published Apr 29, 2025 by michitux. Severity: Critical
- Missing Authorization when accessing attachments list and metadata via REST API (GHSA-r5cr-xm48-97xp), published Apr 30, 2025 by tmortagne. Severity: Moderate
- Remote code execution as guest via SolrSearchMacros request (GHSA-rr6p-3pfg-562j), published Feb 20, 2025 by michitux. Severity: Critical
- Remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList (GHSA-2r87-74cx-2p7c), published Dec 12, 2024 by manuelleduc. Severity: Critical
- Remote code execution through the extension sheet (GHSA-j2pq-22jj-4pm5), published Dec 12, 2024 by manuelleduc. Severity: Critical
- Document history including authors of any page exposed to unauthorized actors (GHSA-pvmm-55r5-g3mm), published Sep 10, 2024 by michitux. Severity: Moderate
- XSS through conflict resolution (GHSA-692v-783f-mg8x), published Jul 31, 2024 by michitux. Severity: Critical
- RCE from script right in configurable sections (GHSA-r279-47wg-chpr), published Dec 12, 2024 by manuelleduc. Severity: Critical
- Scheduler in subwiki allows scheduling operations for any main wiki user (GHSA-cwq6-mjmx-47p6), published Dec 12, 2024 by manuelleduc. Severity: Moderate