4 matches found
com.xwiki.confluencepro:application-confluence-migrator-pro-ui Remote Code Execution via unescaped translations
Impact A user that doesn't have programming rights can execute arbitrary code when creating a page using the Migration Page template. A possible attack vector is the following: Create a page and add the following content: confluencepro.job.question.advanced.input=/html async async="true"...
CVE-2025-27603 XWiki Confluence Migrator Pro allows Remote Code Execution via unescaped translations
XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. A user that doesn't have programming rights can execute arbitrary code due to an unescaped translation when creating a page using the Migration Page template. This vulnerability is fixed in 1.2.0...
CVE-2025-27603
CVE-2025-27603 affects the XWiki Confluence Migrator Pro — a tool used to import Confluence packages into XWiki. The issue arises from an unescaped translation when creating a page with the Migration Page template, allowing a user lacking programming rights to execute arbitrary code. The vulnerab...
CVE-2025-27603 XWiki Confluence Migrator Pro allows Remote Code Execution via unescaped translations
XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. A user that doesn't have programming rights can execute arbitrary code due to an unescaped translation when creating a page using the Migration Page template. This vulnerability is fixed in 1.2.0...