Changes for page Security

Last modified by Vincent Massol on 2023/12/05

From version < 16.1 >
edited by Thomas Mortagne
on 2017/03/24
To version < 19.2 >
edited by Vincent Massol
on 2017/06/08
Change comment: There is no comment for this version

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.ThomasMortagne
1 +XWiki.VincentMassol
Content
... ... @@ -44,7 +44,7 @@
44 44  
45 45  See the [[Authentication parameters section>>AdminGuide.Authentication#HAuthenticationparameters]] for more details.
46 46  
47 -In future versions we'd like to generate random and host-dependent key pairs at installation time (see the following [[issue>>https://jira.xwiki.org/jira/browse/XWIKI-542]] for details).
47 +In future versions we'd like to generate random and host-dependent key pairs at installation time (see the following [[issue>>https://jira.xwiki.org/browse/XWIKI-542]] for details).
48 48  
49 49  === Encrypt cookies using IP address ===
50 50  
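Review bot: the only change at line 47 is dropping the stray `/jira` path segment from the XWIKI-542 link, which matches the `https://jira.xwiki.org/browse/...` form used in the comment hunk further down, so the fix is fine. While this sentence is being touched, it would help readers to state which key pairs are meant (the authentication keys covered by the section linked at line 45), since "key pairs" on its own is ambiguous.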
... ... @@ -170,7 +170,7 @@
170 170  ==== Likelihood / Known Issues ====
171 171  
172 172  * XWiki syntax 1.0 does not filter out HTML so script injection is possible
173 -* XWiki syntax 2.0 contains html macro which when invoked allows injection of raw html and script. There is still no safe way to disable this (see [[this issue>>https://jira.xwiki.org/jira/browse/XWIKI-3953]] for more information.
173 +* XWiki syntax 2.0 contains html macro which when invoked allows injection of raw html and script. There is still no safe way to disable this (see [[this issue>>https://jira.xwiki.org/browse/XWIKI-3953]] for more information.
174 174  ** This attack method requires the attacker to have a registered username (unless anonymous editing or commenting is allowed).
175 175  
176 176  ==== Mitigation Methods ====
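Review bot: the removed and added line 173 read identically in the rendered diff, so this appears to be a whitespace-only change and could be dropped to keep the page history clean. Either way, the parenthetical on that line is never closed: `(see [[this issue>>https://jira.xwiki.org/browse/XWIKI-3953]] for more information.` should end with a `)` before the period.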
... ... @@ -221,3 +221,14 @@
221 221  === Mitigation Methods ===
222 222  
223 223  Advise admins to use addons such as [[noscript>>https://addons.mozilla.org/en-US/firefox/addon/noscript/]] which will help prevent automatic form submission by an attack site and also avoid clicking on suspicious links.
224 +
225 += Advisory Notices =
226 +
227 +Here's a list of sites offering security advisory notices about XWiki:
228 +* [[nvd.nist.gov>>https://nvd.nist.gov/vuln/search/results?adv_search=false&form_type=basic&results_type=overview&search_type=all&query=xwiki]]
229 +* [[www.cvedetails.com>>http://www.cvedetails.com/product/6856/Xwiki-Xwiki.html?vendor_id=3885]]
230 +* [[vuldb.com>>https://vuldb.com/fr/?search]] (need to search for ##xwiki##)
231 +* [[vulners.com>>https://vulners.com/search?query=xwiki]]
232 +
233 +
234 +
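Review bot: the three empty lines added at 232-234 are trailing noise and should be dropped. In the new list, the vuldb entry (`https://vuldb.com/fr/?search`) points at a French-locale search page with no query, which is why it needs the manual "need to search for ##xwiki##" instruction; a link that carries the query, as the nvd.nist.gov and vulners.com entries already do, would be more useful. The cvedetails.com entry is also the only one left on plain http while the other hunks in this diff move links to https.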
XWiki.XWikiComments[6]
Comment
... ... @@ -1,2 +1,2 @@
1 1  It seems like this has been fixed in 3.2:
2 -http://jira.xwiki.org/browse/XWIKI-4873
2 +https://jira.xwiki.org/browse/XWIKI-4873
