Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Duplicate
Priority: Critical
Fix Version/s: None
Affects Version/s: 14.2-rc-1
Component/s: None
Labels:
None

Difficulty:
Unknown
Similar issues:

Description

Hello,

My name is Diana. I work as a junior analyst in the Cybersecurity Threat Analysis group at Positive Technologies.

Our researcher has discovered a critical vulnerability in the XWiki product. We strive to inform you as soon as possible about the vulnerabilities we have identified so that you can take appropriate measures to fix your product and protect your customers' systems.

We have already prepared a detailed technical vulnerability research report.

Please indicate in which format it is more convenient and safer for you to communicate: by email or in the tasks section?

If the first option, then we expect it to be the email of the cybersecurity team or the developers of the XWiki product.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Report_Vulnerability_XWiki.pdf
1.18 MB
04/Apr/22 10:47

Issue Links

duplicates

XRENDERING-663 XSS Javascript injection via XWiki 2.x syntax

Closed

XWIKI-19611 XSS through attachment filename in uploader

Closed

XWIKI-19550 Tags can be added and removed without CSRF token validation

Closed

Activity

People

Assignee:: Michael Hamann

Reporter:: Diana

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 01/Apr/22 15:28

Updated:: 17/Jun/24 12:33

Resolved:: 06/Apr/22 11:28

Date of First Response:: 02/Apr/22 11:09 AM