QNTM Group acquires Ibexa: Building the leading Digital Experience Platform in Europe. Read blog post.
Learn how to report security issues - Find advisories older than 2019 - Read Ibexa's security policy - Check out our security blog posts
IBEXA-SA-2021-010: XSS in richtext custom tag attributes
IBEXA-SA-2021-009: Malicious code in NPM veged/coa
IBEXA-SA-2021-008: GraphQL authentication doesn't respect security config
IBEXA-SA-2021-007: JWT auth possible for disabled users. Username login handler can't be disabled.
IBEXA-SA-2021-006: Storage and legacy files accessible if path is known
IBEXA-SA-2021-005: Content object state fetch functions open to SQL injection
IBEXA-SA-2021-004: Map/Host matcher exposes backend URL in the frontend
IBEXA-SA-2021-003: Block upload of scriptable file types
IBEXA-SA-2021-002: /user/sessions endpoint allows detecting valid accounts
IBEXA-SA-2021-001: SQL injection vulnerability in EcontentController