Lucene search

4 matches found

RedhatCVE
added 2025/02/05 2:32 a.m. · 5 views

CVE-2024-42489

Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the CKEditor.HTMLConverter page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vulnerable to the same kind of attack. This...

CVSS 10 · AI score 7.6 · EPSS 0.45402
Exploits: 0
Cvelist
added 2024/08/12 3:49 p.m. · 22 views

CVE-2024-42489 Pro Macros Remote Code Execution via Viewpdf and similar macros

Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the CKEditor.HTMLConverter page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vulnerable to the same kind of attack. This...

CVSS 10 · EPSS 0.45402
Exploits: 0 · References: 3
Positive Technologies
added 2024/08/12 12:0 a.m. · 4 views

PT-2024-29986 · Ckeditor +1

Name of the Vulnerable Software and Affected Versions: Pro Macros versions prior to 1.10.1
Description: The issue is related to missing escaping in the Viewpdf macro, which allows any user with view right on the CKEditor.HTMLConverter page or edit or comment right on any page to perform remote co...

CVSS 10 · AI score 8.1 · EPSS 0.45402
Exploits: 0 · References: 10
CNNVD
added 2024/08/12 12:0 a.m. · 2 views

xwiki-pro-macros security vulnerability

xwiki-pro-macros is an open source tool from XWiki SAS. It can enhance the functionality of XWiki. A security vulnerability exists in xwiki-pro-macros, which stems from a missing escape in the Viewpdf macro. An attacker exploiting the vulnerability can remotely execute code...

CVSS 10 · AI score 6.8 · EPSS 0.45402
Exploits: 0 · References: 4