CVE-2025-49587 XWiki does not require right warnings for notification displayer objects

XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing X...

PT-2020-6677 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.1 Description: The issue exists due to the lack of protection for the web page structure in MediaWiki, specifically with the combination of Html::rawElement and Message::text. This can be exploited by a remote...