Malicious Package

Overview notification-displayer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

EUVD-2025-18296

Malicious code in bioql PyPI...

MAL-2025-42045 Malicious code in notification-displayer (npm)

The package notification-displayer was found to contain malicious code...

Malicious code in notification-displayer (npm)

The package notification-displayer was found to contain malicious code...

The vulnerability of the NotificationDisplayerClass class in the XWiki platform, a platform for creating collaborative web applications. The XWiki platform allows attackers to perform XSS attacks.

The vulnerability of the NotificationDisplayerClass class in the XWiki platform, a platform for creating collaborative web applications, is related to the absence of warnings about dangerous actions when loading edited objects. Exploiting this vulnerability could allow attackers to perform XSS...

CVE-2025-49587

XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing X...

XWiki does not require right warnings for notification displayer objects

Impact When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing XSS attacks. While the notification...

GHSA-J7P2-87Q3-44W7 XWiki does not require right warnings for notification displayer objects

Impact When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing XSS attacks. While the notification...

CVE-2025-49587

XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing X...

CVE-2025-49587 XWiki does not require right warnings for notification displayer objects

XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing X...

CVE-2025-49587 XWiki does not require right warnings for notification displayer objects

XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing X...

CVE-2025-49587

Summary (CVE-2025-49587) : XWiki Platform is vulnerable to reflected XSS when a user without script rights creates a document containing an XWiki.Notifications.Code.NotificationDisplayerClass object, and an admin later edits and saves the document. The potentially malicious object content is outp...