macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the "key" that is passed to prevent this is computed incorrectly, calling skip on the digest stream doesn't update the digest. This is fixed in 2.5.6.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NXwiki Pdf Viewer Macro
APPXwiki< 2.5.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2024-52300CRITICAL9.0PL ✓ten sam produkt
XSS w parametrze width makra PDF Viewer dla XWiki
CVE-2024-52298HIGH7.5ten sam produkt
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker ...
CVE-2025-24893CRITICAL9.8⚠ KEVPL ✓ten sam vendor
XWiki Platform — niezautoryzowany RCE przez endpoint SolrSearch
CVE-2025-65091CRITICAL10.0PL ✓ten sam vendor
SQL Injection w XWiki Full Calendar Macro — dostęp bez uwierzytelnienia
CVE-2025-55727CRITICAL10.0PL ✓ten sam vendor
XWiki Pro Macros: RCE przez brak escapowania parametru width w makro column