7 matches found
EUVD-2025-9733
Malicious code in bioql PyPI...
CVE-2025-31487
The XWiki JIRA extension provides various integration points between XWiki and JIRA macros, UI, CKEditor plugin. If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a...
GHSA-WC53-4255-GW3F The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server
Impact If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a DOCTYPE pointing to a local file on the XWiki server host and displaying that file's content in one of the...
The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server
Impact If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a DOCTYPE pointing to a local file on the XWiki server host and displaying that file's content in one of the...
CVE-2025-31487 The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server
The XWiki JIRA extension provides various integration points between XWiki and JIRA macros, UI, CKEditor plugin. If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a...
CVE-2025-31487 The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server
The XWiki JIRA extension provides various integration points between XWiki and JIRA macros, UI, CKEditor plugin. If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a...
CVE-2025-31487
The CVE-2025-31487 affects the XWiki JIRA extension. If the JIRA macro is installed, a logged-in user could abuse the macro to trigger a request that returns XML containing a DOCTYPE with an XXE payload, potentially displaying contents of local files on the XWiki server (e.g., in fields like summ...