7 matches found
XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection
Impact: Any user who can edit their own user profile or any other document can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The reason is that rendering output is included as...
GHSA-9XC6-C2RM-F27P XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection
Impact: Any user who can edit their own user profile or any other document can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The reason is that rendering output is included as...
CVE-2025-55729
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the ac:type in the ConfluenceLayoutSection macro allows remote code execution for any user who can edit any page. The...
GHSA-P67Q-H88V-5JGR XWiki Platform vulnerable to code injection from account/view through VFS Tree macro
Impact: Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki, leading to full access to the XWiki installation. The root cause is improper escaping of Macro.VFSTreeMacro. This page is not installed by default. See https://jira.xwiki.org/browse/XWIKI-20260 for the...
XWiki Platform Injection Vulnerability
XWiki Platform is a wiki platform from the French company XWiki for creating web collaboration applications. A code injection vulnerability exists in XWiki Platform. The vulnerability stems from incorrect escaping of macro content and menu macro parameters, which can be exploited to execute...
PT-2022-26165 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.8; XWiki Platform versions prior to 14.4.3; XWiki Platform versions prior to 14.6RC1. Description: The XWiki Platform is vulnerable to arbitrary code execution due to improper escaping of the macro content...
OracleVM 2.1 : newt (OVMSA-2009-0026)
The remote OracleVM system is missing necessary patches to address critical security updates: - fix buffer overflow in textbox when reflowing 524618, CVE-2009-2905 - add release to -devel requires - escape macros in changelog - add support for tuples of strings in EntryWindow prompts in snack...