4 matches found

GitHub Security Blog
added 2025/03/07 4:7 p.m., 11 views

com.xwiki.confluencepro:application-confluence-migrator-pro-ui Remote Code Execution via unescaped translations

Impact: A user that doesn't have programming rights can execute arbitrary code when creating a page using the Migration Page template. A possible attack vector is the following: Create a page and add the following content: confluencepro.job.question.advanced.input=/html async async="true"...

CVSS 9.1, AI score 8, EPSS 0.00602
Exploits: 0, References: 4, Affected Software: 1
Vulnrichment
added 2025/03/07 4:6 p.m., 14 views

CVE-2025-27603 XWiki Confluence Migrator Pro allows Remote Code Execution via unescaped translations

XWiki Confluence Migrator Pro helps admins to import Confluence packages into their XWiki instance. A user that doesn't have programming rights can execute arbitrary code due to an unescaped translation when creating a page using the Migration Page template. This vulnerability is fixed in 1.2.0...

CVSS 9.1, AI score 7.8, EPSS 0.00602
Exploits: 0, References: 2
CVE
added 2025/03/07 4:6 p.m., 60 views

CVE-2025-27603

CVE-2025-27603 affects the XWiki Confluence Migrator Pro — a tool used to import Confluence packages into XWiki. The issue arises from an unescaped translation when creating a page with the Migration Page template, allowing a user lacking programming rights to execute arbitrary code. The vulnerab...

CVSS 9.1, AI score 7.8, EPSS 0.00602
Exploits: 0, References: 2
Cvelist
added 2025/03/07 4:6 p.m., 21 views

CVE-2025-27603 XWiki Confluence Migrator Pro allows Remote Code Execution via unescaped translations

XWiki Confluence Migrator Pro helps admins to import Confluence packages into their XWiki instance. A user that doesn't have programming rights can execute arbitrary code due to an unescaped translation when creating a page using the Migration Page template. This vulnerability is fixed in 1.2.0...

CVSS 9.1, EPSS 0.00602
Exploits: 0, References: 2