Lucene search

8 matches found

NVD
added 2025/12/05 5:16 p.m., 2 views

CVE-2025-65036

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1...

CVSS 8.3, EPSS 0.00822
Exploits: 0, References: 1

EUVD
added 2025/12/05 4:10 p.m., 2 views

EUVD-2025-201417

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1...

CVSS 8.3, AI score 7.5, EPSS 0.00822
Exploits: 0, References: 1

CVE
added 2025/12/05 4:10 p.m., 9 views

CVE-2025-65036

XWiki Remote Macros (xwiki-pro-macros) prior to version 1.27.1 allow remote code execution by executing Velocity from details pages without proper permission checks. Affected component is the macro rendering feature used for Confluence content migration. The issue is fixed in 1.27.1; remediation ...

CVSS 8.3, AI score 7.7, EPSS 0.00822
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2025/12/05 4:10 p.m., 1 view

CVE-2025-65036 XWiki Remote Macros vulnerable to remote code execution using the confluence details summary macro

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1...

CVSS 8.3, AI score 7.7, EPSS 0.00822
Exploits: 0, References: 1

Cvelist
added 2023/12/21 7:42 p.m., 15 views

CVE-2023-50732 Velocity execution without script right through tree macro

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1...

CVSS 8.3, AI score 8.6, EPSS 0.01361
Exploits: 1, References: 3

OSV
added 2023/09/04 4:36 p.m., 16 views

GHSA-M5M2-H6H9-P2C8 Velocity execution without script right through VelocityCode and VelocityWiki property

Impact: It is possible in XWiki to execute Velocity code without having script right by creating an XClass with a property of type "TextArea" and content type "VelocityCode" or "VelocityWiki". For the former, the syntax of the document needs to be set to xwiki/1.0; this syntax doesn't need to be...

CVSS 6.3, AI score 6.4, EPSS 0.00126
Exploits: 0, References: 6

Cvelist
added 2023/09/01 7:59 p.m., 14 views

CVE-2023-41046 Velocity execution without script rights in Xwiki platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible in XWiki to execute Velocity code without having script right by creating an XClass with a property of type "TextArea" and content type "VelocityCode" or "VelocityWiki". For the...

CVSS 6.3, AI score 6.7, EPSS 0.00126
Exploits: 0, References: 4

Vulnrichment
added 2023/09/01 7:59 p.m., 11 views

CVE-2023-41046 Velocity execution without script rights in Xwiki platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible in XWiki to execute Velocity code without having script right by creating an XClass with a property of type "TextArea" and content type "VelocityCode" or "VelocityWiki". For the...

CVSS 6.3, AI score 7.5, EPSS 0.00126
Exploits: 0, References: 4