The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
- Users with just edit right can enforce required rights with programming right (GHSA-rhfv-688c-p6hp), published May 21, 2025 by michitux. Severity: Moderate
- Privilege escalation (PR) through realtime WYSIWYG editing (GHSA-rmm7-r7wr-xpfg), published Jan 14, 2025 by mflorea. Severity: Critical
- SQL injection in getdocuments.vm with sort parameter (GHSA-wh34-m772-5398), published Dec 12, 2024 by manuelleduc. Severity: Critical
- SQL injection in short form select requests through the script query API (GHSA-g9jj-75mx-wjcx), published Apr 23, 2025 by tmortagne. Severity: High
- SQL injection in query endpoint of REST API (GHSA-f69v-xrj8-rhxf), published Apr 23, 2025 by tmortagne. Severity: Critical
- The WikiManager REST API allows any user to create wikis (GHSA-gfp2-6qhm-7x43), published Mar 19, 2025 by surli. Severity: High
- Any user with view access to the XWiki space can change the authenticator (GHSA-f9c6-2f9p-82jj), published Apr 30, 2025 by tmortagne. Severity: High
- Wrong wiki reference used in AuthorizationManager (GHSA-gq32-758c-3wm3), published Mar 19, 2025 by surli. Severity: High
- Unregistered users can access private pages information through REST endpoint (GHSA-22q5-9phm-744v), published Mar 19, 2025 by surli. Severity: High
- Solr script service doesn't take dropped programming right into account (GHSA-987p-r3jc-8c8v), published Apr 29, 2025 by michitux. Severity: Low