6 matches found
Stored Cross-Site Scripting
XWiki Blog Application is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper escaping of blog post titles before insertion into the HTML tag, allowing attackers with blog editing permissions to inject malicious JavaScript that executes in the browser of users...
CVE-2025-66024 XWiki Blog Application home page vulnerable to Stored XSS via Post Title
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper...
CVE-2025-66024 XWiki Blog Application home page vulnerable to Stored XSS via Post Title
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper...
CVE-2025-66024 XWiki Blog Application home page vulnerable to Stored XSS via Post Title
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper...
EUVD-2025-208293
XWiki Blog Application home page vulnerable to Stored XSS via Post Title...
XWiki Blog Application home page vulnerable to Stored XSS via Post Title
Impact The Blog Application is vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper escaping. An attacker with permissions to create or edit blog posts can inject malicious...