By the Year
In 2023 there have been 1 vulnerability in Xwiki Rendering with an average score of 6.1 out of ten. Rendering did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2023 as compared to last year.
It may take a day or so for new Rendering vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Xwiki Rendering Security Vulnerabilities
XWiki Platform is a generic wiki platform
6.1 - Medium
- May 10, 2023
XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. There are no known workarounds apart from upgrading to a fixed version.