7 matches found
CVE-2024-42489
Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the CKEditor.HTMLConverter page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vulnerable to the same kind of attack. This...
CVE-2024-42489 Pro Macros Remote Code Execution via Viewpdf and similar macros
Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the CKEditor.HTMLConverter page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vulnerable to the same kind of attack. This...
PT-2024-29986 · Ckeditor +1
Name of the Vulnerable Software and Affected Versions: Pro Macros versions prior to 1.10.1. Description: The issue is related to missing escaping in the Viewpdf macro, which allows any user with view right on the CKEditor.HTMLConverter page or edit or comment right on any page to perform remote co...
GHSA-9PC2-X9QF-7J2Q org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability
Impact: Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the macro parameters of the...
XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery
Impact: The CKEditor.HTMLConverter document lacked protection against Cross-Site Request Forgery (CSRF), allowing macros to be executed with the rights of the current user. If a privileged user with programming rights was tricked into executing a GET request to this document with certain parameters...
SUSE-SU-2016:1475-1 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: - IBM Java 80-3.0 released: bsc977646 bsc977648 bsc977650 bsc979252 CVE-2016-0376 CVE-2016-0264 CVE-2016-0363 CVE-2016-3443 CVE-2016-0687 CVE-2016-0686 CVE-2016-3427 CVE-2016-3449 CVE-2016-3422 CVE-2016-3426 - There is no HtmlConverter and...
Oracle - HtmlConverter.exe Buffer Overflow
Exploit for Windows platform in category local exploits. Credits: hyp3rlinx. Vendor: www.oracle.com. Product: Java Platform SE 6 U24 HtmlConverter.exe. Product Version: 6.0.240.50. The HTML Converter is part of Java SE binary part of the JDK a...