Changes for page Security

Last modified by Simon Urli on 2023/12/26

From version 18.1
edited by Thomas Mortagne
on 2017/03/28
Change comment: Fix jira URLs
To version 20.1
edited by Ecaterina Moraru (Valica)
on 2017/09/04
Change comment: There is no comment for this version

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.ThomasMortagne
1 +XWiki.evalica
Content
... ... @@ -53,7 +53,7 @@
53 53  
54 54  == Override version information ==
55 55  
56 -By default, the exact XWiki Enterprise version is shown in the footer of every page. This is not harmful by itself, but can provide useful information to the attacker, who can use known vulnerabilities against this version.
56 +By default, the exact XWiki version is shown in the footer of every page. This is not harmful by itself, but can provide useful information to the attacker, who can use known vulnerabilities against this version.
57 57  
58 58  You can change the version string shown in the footer using the [[Administration Application>>extensions:Extension.Administration Application]]. Click on the ##Presentaton## icon and change the version string in the //Version// field.
59 59  
... ... @@ -153,7 +153,7 @@
153 153  
154 154  * Avoid "Privileged API" whenever possible and only use non API when absolutely necessary. If each of your calls requires you to pass the context as a parameter, you're doing it wrong.
155 155  
156 -For more information check the [[XWiki API Reference>>http://platform.xwiki.org/xwiki/bin/view/DevGuide/API]].
156 +For more information check the [[XWiki API Reference>>DevGuide.API]].
157 157  
158 158  == Cross Site Scripting ==
159 159  
... ... @@ -221,3 +221,12 @@
221 221  === Mitigation Methods ===
222 222  
223 223  Advise admins to use addons such as [[noscript>>https://addons.mozilla.org/en-US/firefox/addon/noscript/]] which will help prevent automatic form submission by an attack site and also avoid clicking on suspicious links.
224 +
225 += Advisory Notices =
226 +
227 +Here's a list of sites offering security advisory notices about XWiki:
228 +
229 +* [[nvd.nist.gov>>https://nvd.nist.gov/vuln/search/results?adv_search=false&form_type=basic&results_type=overview&search_type=all&query=xwiki]]
230 +* [[www.cvedetails.com>>http://www.cvedetails.com/product/6856/Xwiki-Xwiki.html?vendor_id=3885]]
231 +* [[vuldb.com>>https://vuldb.com/fr/?search]] (need to search for ##xwiki##)
232 +* [[vulners.com>>https://vulners.com/search?query=xwiki]]

Get Connected