5 matches found
CVE-2025-55730
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the title in the confluence paste code macro allows remote code execution for any user who can edit any page. The...
Atlassian Confluence Administrator Code Macro Remote Code Execution Exploit
This Metasploit module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This...
Atlassian Confluence Administrator Code Macro Remote Code Execution
This module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will...
Atlassian Confluence Administrator Code Macro Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence Administrator Code Macro Remote Code Execution', 'Description' = %q This module exploits an authenticated administrator-leve...
GHSA-2C83-WFV3-Q25F Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ZMarkdown
Impact A Remote Command Execution vulnerability was found in the rebber module, which allowed execution of arbitrary commands. The reported problem came from CodeBlocks, which could be escaped to insert malicious LaTeX. Anyone using rebber without sanitation of code content or a custom macro is...