14 matches found
xwiki-pro-macros 安全漏洞
xwiki-pro-macros is an open source tool from XWiki SAS. It can enhance the functionality of XWiki. A security vulnerability exists in xwiki-pro-macros versions prior to 1.27.1, which stems from unchecked privileges to execute Velocity, and could lead to remote code execution...
Pro Macros 安全漏洞
Pro Macros is an XWiki enhancement plugin open-sourced by XWiki SAS. A security vulnerability exists in versions of Pro Macros prior to 1.27.0, which originates from the possibility that a user without view privileges may view the contents of office attachments via the view file macro...
xwiki-pro-macros 安全漏洞
xwiki-pro-macros is an open source tool from XWiki SAS. It can enhance the functionality of XWiki. A security vulnerability exists in xwiki-pro-macros versions prior to 1.26.5, which stems from a lack of escaping of the title parameter and could lead to remote code execution...
xwiki-pro-macros 安全漏洞
xwiki-pro-macros is an open source tool from XWiki SAS. It can enhance the functionality of XWiki. A security vulnerability exists in xwiki-pro-macros versions prior to 1.26.5, which stems from a missing escape for the classes parameter and could lead to remote code execution...
xwiki-pro-macros 安全漏洞
xwiki-pro-macros is an open source tool from XWiki SAS. It can enhance the functionality of XWiki. A security vulnerability exists in xwiki-pro-macros versions prior to 1.26.5, which stems from a lack of escaping of the width parameter and could lead to remote code execution...
xwiki-pro-macros 安全漏洞
xwiki-pro-macros is an open source tool from XWiki SAS. It can enhance the functionality of XWiki. A security vulnerability exists in xwiki-pro-macros versions prior to 1.26.5, which stems from a missing escape for the ac:type parameter and could lead to remote code execution...
CVE-2024-42489
Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the CKEditor.HTMLConverter page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vulnerable to the same kind of attack. This...
CVE-2024-42489
Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the CKEditor.HTMLConverter page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vulnerable to the same kind of attack. This...
CVE-2024-42489 Pro Macros Remote Code Execution via Viewpdf and similar macros
Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the CKEditor.HTMLConverter page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vulnerable to the same kind of attack. This...
CVE-2024-42489 Pro Macros Remote Code Execution via Viewpdf and similar macros
Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the CKEditor.HTMLConverter page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vulnerable to the same kind of attack. This...
CVE-2024-42489 Pro Macros Remote Code Execution via Viewpdf and similar macros
Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the CKEditor.HTMLConverter page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vulnerable to the same kind of attack. This...
CVE-2024-42489
CVE-2024-42489 affects Pro Macros (XWiki rendering macros). The vulnerability is due to missing escaping in the Viewpdf macro (and similar macros like Viewppt ), enabling remote code execution for users with view/edit/comment rights on affected pages. Root cause: missing escaping on CKEditor.HTML...
PT-2024-29986 · Ckeditor +1 · Ckeditor +1
Name of the Vulnerable Software and Affected Versions: Pro Macros versions prior to 1.10.1 Description: The issue is related to missing escaping in the Viewpdf macro, which allows any user with view right on the CKEditor.HTMLConverter page or edit or comment right on any page to perform remote co...
xwiki-pro-macros 安全漏洞
xwiki-pro-macros is an open source tool from XWiki SAS. It can enhance the functionality of XWiki. A security vulnerability exists in xwiki-pro-macros, which stems from a missing escape in the Viewpdf macro. An attacker exploiting the vulnerability can remotely execute code...