EUVD-2026-27073

XWiki PlantUML Macro Vulnerable to Server-Side Request Forgery SSRF via 'server' parameter...

XWiki PlantUML Macro Vulnerable to Server-Side Request Forgery (SSRF) via 'server' parameter

Impact The PlantUML Macro is vulnerable to Server-Side Request Forgery SSRF. The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does not validate the supplied URL. An attacker can supply an internal IP address or a malicious externa...

GHSA-42FC-7W97-8VRC XWiki PlantUML Macro Vulnerable to Server-Side Request Forgery (SSRF) via 'server' parameter

Impact The PlantUML Macro is vulnerable to Server-Side Request Forgery SSRF. The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does not validate the supplied URL. An attacker can supply an internal IP address or a malicious externa...

CVE-2026-42140

PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery SSRF. The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does...

CVE-2026-42140

The CVE covers the PlantUML Macro used in XWiki, where the vulnerability lies in the server parameter not being validated. Prior to version 2.4.1, an attacker can supply an arbitrary URL (including internal addresses) to the server parameter, causing the XWiki server to attempt to connect for ren...

CVE-2026-42140 Server-Side Request Forgery (SSRF) in PlantUML Macro via 'server' parameter

PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery SSRF. The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does...

CVE-2026-42140 Server-Side Request Forgery (SSRF) in PlantUML Macro via 'server' parameter

PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery SSRF. The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does...

CVE-2026-42140

PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery SSRF. The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does...

PlantUML Macro 代码问题漏洞

PlantUML Macro is an open-source tool developed by XWiki Contrib that generates chart images from textual definitions. Versions of PlantUML Macro prior to 2.4.1 had code vulnerabilities; these vulnerabilities stemmed from the lack of validation of the URLs provided by server parameters, which cou...

PT-2026-36886

Name of the Vulnerable Software and Affected Versions PlantUML Macro versions prior to 2.4.1 Description PlantUML Macro, used for rendering UML diagrams from textual schemes, contains a Server-Side Request Forgery SSRF flaw. The application fails to validate the URL provided through the server...

[SECURITY] Fedora 42 Update: plantuml-1.2026.1-1.fc42

PlantUML is a program allowing to draw UML diagrams, using a simple and human readable text description. It is extremely useful for code documenting, sketching project architecture during team conversations and so on. PlantUML supports the following diagram types - sequence diagram - use case...

[SECURITY] Fedora 43 Update: plantuml-1.2026.1-1.fc43

PlantUML is a program allowing to draw UML diagrams, using a simple and human readable text description. It is extremely useful for code documenting, sketching project architecture during team conversations and so on. PlantUML supports the following diagram types - sequence diagram - use case...

Fedora 42 : plantuml (2026-0d819a3a70)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0d819a3a70 advisory. Update to version 1.2026.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...

Fedora 43 : plantuml (2026-e25e1b1d0f)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e25e1b1d0f advisory. Update to version 1.2026.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...

Fedora: Security Advisory (FEDORA-2026-0d819a3a70)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2026-e25e1b1d0f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2026-0858

Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can inject malicious JavaScript into generated SVG output, leading to...

CVE-2026-0858

A flaw was found in PlantUML. This vulnerability, known as Stored Cross-Site Scripting XSS, occurs due to insufficient sanitization of interactive attributes within GraphViz diagrams. A remote attacker can exploit this by crafting a malicious PlantUML diagram, which then injects harmful JavaScrip...

PlantUML is vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams

Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can inject malicious JavaScript into generated SVG output, leading to...

GHSA-HRVF-G648-RF3M PlantUML is vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams

Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can inject malicious JavaScript into generated SVG output, leading to...