XWiki security policy is detailed on the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
Security
SECURITY.md
-
Users with SCRIPT right can access the application server instance manager and create arbitrary Java objects through $request bindingGHSA-7qw5-pqhc-xm4g published
Sep 10, 2020 by tmortagneHigh -
Authenticated server side code execution without programming rights on User DashboardsGHSA-rmp6-jjg8-9424 published
May 12, 2020 by surliHigh
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database