The XWiki security policy is detailed in the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-commons
- Missing escaping of { in Velocity escapetool allows remote code execution
  GHSA-hf43-47q4-fhq5, published Apr 10, 2024 by michitux, severity: Critical
- HTML sanitizer allows form elements in restricted in org.xwiki.commons:xwiki-commons-xml
  GHSA-6pqf-c99p-758v, published Jun 29, 2023 by michitux, severity: Critical
- Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml
  GHSA-pv7v-ph6g-3gxv, published May 9, 2023 by michitux, severity: Critical
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in org.xwiki.commons:xwiki-commons-xml
  GHSA-x37v-36wv-6v6h, published Apr 20, 2023 by tmortagne, severity: Critical
- Privilege escalation to programming rights via user's first name
  GHSA-8cw6-4r32-6r3h, published Mar 1, 2023 by tmortagne, severity: Critical
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in org.xwiki.commons:xwiki-commons-xml
  GHSA-m3jr-cvhj-f35j, published Apr 12, 2023 by tmortagne, severity: Critical
- Arbitrary file access through XML parsing
  GHSA-m2r5-4w96-qxg5, published Apr 28, 2022 by tmortagne, severity: Moderate
- Arbitrary filesystem write access from velocity.
  GHSA-cvx5-m8vg-vxgc, published Apr 28, 2022 by tmortagne, severity: Moderate
Learn more about advisories related to xwiki/xwiki-commons in the GitHub Advisory Database