Loading...

Log in Skip to main content Skip to sidebar

Loading…

Dashboards
Projects
Issues

Give feedback to Atlassian
Help
Log In

Export - CSV (All fields)

Export - CSV (Current fields)

Choose a delimiter

Comma (,)

Semicolon (;)

Vertical bar (|)

Caret (^)

XWIKI-22490
The WikiManager REST API allows any user to create wikis
XWIKI-22487
Open redirect through HTML conversion request filter
XWIKI-22474
The Solr script service doesn't take dropped programming right into account
XWIKI-22462
The lesscss script service allows cache clearing without programming right
XWIKI-22460
No warning when granting XWiki.ComponentClass programming right
XWIKI-22139
Upgrade to dompurify 3.1.1
XWIKI-22030
Remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList
XWIKI-22002
The required rights analysis doesn't consider TextAreas with default content type
XWIKI-21890
Remote code execution through the extension sheet
XWIKI-21810
XSS through XClass name in string properties
XWIKI-21663
Scheduler in subwiki allows scheduling operations for any main wiki user
XWIKI-21626
XSS through conflict resolution
XWIKI-21611
Disabling a user account changes its author, allowing RCE from user account
XWIKI-21474
Remote code execution from account via SearchSuggestSourceSheet
XWIKI-21473
Remote code execution from account via SearchSuggestConfigSheet
XWIKI-21472
Remote code execution via DatabaseSearch
XWIKI-21471
Remote code execution through space title and Solr space facet
XWIKI-21438
Remote code execution from view right on Panels.PanelLayoutUpdate
XWIKI-21416
CSRF remote code execution through scheduler job's document reference
XWIKI-21411
Privilege escalation (PR) from edit in multilingual wikis via translations
XWIKI-21337
Privilege escalation (PR) from user registration through PDFClass
XWIKI-21335
Privilege escalation (PR) from account through UIExtension parameters
XWIKI-21208
Solr search discloses password hashes of all users
XWIKI-21207
RCE from script right in configurable sections
XWIKI-21200
RCE from account through SearchAdmin
XWIKI-21194
Remote code execution through class name in configurable section
XWIKI-21173
RCE via first name in user registration
XWIKI-21167
XSS/CSRF RCE in XWiki.ConfigurableClass
XWIKI-21138
Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service
XWIKI-21122
Remote code execution/programming rights through document reference with configuration section from edit right
XWIKI-21121
Remote code execution/programming rights through heading of configuration sections with edit rights
XWIKI-21095
RXSS through revision parameter in content menu
XWIKI-20962
XSS from account in the create page form via template provider
XWIKI-20961
XSS with edit right in the create document form for existing pages
XWIKI-20869
Users can be tricked to execute scripts as the create action doesn't display the page's title
XWIKI-20854
Reflected XSS in the create document form if name validation is enabled
XWIKI-20852
Groovy jobs check the wrong author, allowing remote code execution
XWIKI-20851
CSRF in the job scheduler
XWIKI-20849
CSRF privilege escalation/RCE via the create action
XWIKI-20848
Velocity execution without script right through VelocityCode property
XWIKI-20847
Velocity execution without script right through VelocityWiki property
XWIKI-20818
Cookies are sent to external images in rendered diff (and server side request forgery)
XWIKI-20817
The diff displays deleted revisions without additional right check
XWIKI-20746
Privilege escalation (PR) from account through Menu.UIExtensionSheet
XWIKI-20715
Arbitrary server side file writing from account through office converter
XWIKI-20685
No extra right check in script API when accessing deleted documents
XWIKI-20684
Comments of deleted documents can be viewed through REST API
XWIKI-20625
Velocity execution without script right through tree macro
XWIKI-20624
Privilege escalation from script right to programming right through title displayer
XWIKI-20611
Privilege escalation (PR) from account through like LiveTableResults

Refresh results

{"errorMessages":["You are not authorised to perform this operation. Please log in."],"errors":{}}

[{"id":-1,"name":"My open issues","jql":"assignee = currentUser() AND resolution = Unresolved order by updated DESC","isSystem":true,"sharePermissions":[],"requiresLogin":true},{"id":-2,"name":"Reported by me","jql":"reporter = currentUser() order by created DESC","isSystem":true,"sharePermissions":[],"requiresLogin":true},{"id":-4,"name":"All issues","jql":"order by created DESC","isSystem":true,"sharePermissions":[],"requiresLogin":false},{"id":-5,"name":"Open issues","jql":"resolution = Unresolved order by priority DESC,updated DESC","isSystem":true,"sharePermissions":[],"requiresLogin":false},{"id":-9,"name":"Done issues","jql":"statusCategory = Done order by updated DESC","isSystem":true,"sharePermissions":[],"requiresLogin":false},{"id":-3,"name":"Viewed recently","jql":"issuekey in issueHistory() order by lastViewed DESC","isSystem":true,"sharePermissions":[],"requiresLogin":false},{"id":-6,"name":"Created recently","jql":"created >= -1w order by created DESC","isSystem":true,"sharePermissions":[],"requiresLogin":false},{"id":-7,"name":"Resolved recently","jql":"resolutiondate >= -1w order by updated DESC","isSystem":true,"sharePermissions":[],"requiresLogin":false},{"id":-8,"name":"Updated recently","jql":"updated >= -1w order by updated DESC","isSystem":true,"sharePermissions":[],"requiresLogin":false}]

0.3

0

Atlassian Jira Project Management Software
About Jira
Report a problem

Powered by a free Atlassian Jira open source license for XWiki.org. Try Jira - bug tracking software for your team.