CRITICAL🇵🇱 Wersja polska

CVE-2024-52300

CVSS 9.0v3.1pub. 2024-11-13upd. 2024-11-18

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visits the page with the malicious code. This is fixed in 2.5.6.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
  • Xwiki Pdf Viewer Macro

    APP
    Xwiki
    < 2.5.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2024-52298HIGH7.5ten sam produkt

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker ...

CVE-2024-52299HIGH7.5ten sam produkt

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFVie...

CVE-2025-24893CRITICAL9.8⚠ KEVPL ✓ten sam vendor

XWiki Platform — niezautoryzowany RCE przez endpoint SolrSearch

CVE-2025-65091CRITICAL10.0PL ✓ten sam vendor

SQL Injection w XWiki Full Calendar Macro — dostęp bez uwierzytelnienia

CVE-2025-55727CRITICAL10.0PL ✓ten sam vendor

XWiki Pro Macros: RCE przez brak escapowania parametru width w makro column