Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Duplicate
Priority: Critical
Fix Version/s: None
Affects Version/s: 17.2.0
Component/s: Application
Labels:
- security

Difficulty:
Unknown
Similar issues:

Description

Hello!

Researchers of cybersecurity company have discovered vulnerabilities in XWiki. Vulnerability Research Report is attached to this issue.

Positive Technologies plans to release a database update for its products and a publication about the discovered vulnerabilities within the next 90 days from the date of sending this message, so please answer the following questions:

When and in what version will you fix the vulnerabilities described in our Report? (date, version)
If it is not possible to release a patch in the next 90 days, then please indicate the expected release date of the patch (month).
Users of the product XWiki, who are our Clients, use the CVE-ID in the vulnerability management process. Therefore, we ask you to provide the CVE-ID for the vulnerabilities that we submitted to you.

https://global.ptsecurity.com/policies/positive-coordinated-vulnerability-disclosure-policy

Thank you for your cooperation.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

[PT-2025-04] XWiki.pdf
09/Apr/25 17:45
758 kB
zeroday

Issue Links

is related to

XWIKI-23093 SQL injection through getdeleteddocuments.vm template sort parameter

Closed

XWIKI-23096 Reflected XSS vulnerability in extension and job_status_json templates

Closed

Activity

People

Assignee:: Michael Hamann

Reporter:: zeroday

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 09/Apr/25 17:06

Updated:: 06/Aug/25 11:33

Resolved:: 11/Apr/25 13:45

Date of First Response:: 10/Apr/25 6:51 PM