XWiki security policy is detailed on the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-rendering
Security
SECURITY.md
-
Privilege escalation via the footnote macroGHSA-35j5-m29r-xfq5 published
Oct 25, 2023 by michituxCritical -
Improper Neutralization of Invalid Characters in Identifiers in Web Pages in org.xwiki.rendering:xwiki-rendering-xmlGHSA-663w-2xp3-5739 published
Oct 25, 2023 by michituxCritical -
The macro content parser doesn't preserve the restricted transformation context, allowing RCE from commentsGHSA-32mf-57h2-64x9 published
Jul 14, 2025 by michituxCritical -
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in a dependency of org.xwiki.rendering:xwiki-rendering-syntax-xhtmlGHSA-w3wh-g4m9-783p published
Jul 14, 2025 by michituxCritical -
Improper Neutralization of Script in Attributes in XWiki (X)HTML renderersGHSA-6gf5-c898-7rxp published
May 10, 2023 by michituxCritical
Learn more about advisories related to xwiki/xwiki-rendering in the GitHub Advisory Database