The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui (GHSA-6w8h-26xx-cf8q), published Nov 21, 2022 by surli, severity: Critical
- Missing Authorization in Filter Stream Converter Application (GHSA-q6jp-gcww-8v2j), published Nov 21, 2022 by surli, severity: Critical
- Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default (GHSA-q2hm-2h45-v5g3), published Nov 21, 2022 by surli, severity: Moderate
- Creation of new database tables through login form on PostgreSQL (GHSA-4x5r-6v26-7j4v), published Nov 21, 2022 by surli, severity: High
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui (GHSA-5j7g-cf6r-g2h7), published Nov 21, 2022 by surli, severity: Critical
- Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore (GHSA-2gj2-vj98-j2qq), published Nov 21, 2022 by surli, severity: Moderate
- Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui (GHSA-p5v9-g8w8-5q4v), published Nov 21, 2022 by surli, severity: High
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml (GHSA-9hqh-fmhg-vq2j), published Nov 21, 2022 by surli, severity: Critical
- Cross-Site Request Forgery (CSRF) allowing to delete or rename tags (GHSA-mq7h-5574-hw9f), published Nov 21, 2022 by surli, severity: High
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-tag-ui (GHSA-2g5c-228j-p52x), published Sep 8, 2022 by surli, severity: Critical