Oauth Identity Xwiki Oauth Identity

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Xwiki Oauth Identity.

By the Year

In 2025 there have been 0 vulnerabilities in Xwiki Oauth Identity. Oauth Identity did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 0 0.00
2023 1 9.60
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Oauth Identity vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Xwiki Oauth Identity Security Vulnerabilities

com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations

CVE-2023-45144 9.6 - Critical - October 16, 2023

com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross site scripting (XSS) and XWiki syntax injection. This allows remote code execution via the groovy macro and thus affects the confidentiality, integrity and availability of the whole XWiki installation. The issue has been fixed in Identity OAuth version 1.6. There are no known workarounds for this vulnerability and users are advised to upgrade.

XSS

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Xwiki Oauth Identity or by Xwiki? Click the Watch button to subscribe.

Xwiki
Vendor

subscribe