2 matches found
GHSA-C32M-27PJ-4XCJ XWiki's required right warnings for macros are incomplete
Impact When editing content that contains "dangerous" macros like malicious script macros that were authored by a user with fewer rights, XWiki warns about the execution of these macros since XWiki 15.9RC1. These required rights analyzers that trigger these warnings are incomplete, allowing an...
CVE-2025-49582
XWiki platform is affected by a remote code execution risk due to incomplete required-right analyzers for dangerous macros. The issue allows a page to include Groovy or Python macros hidden by a user with lower privileges, which could be executed when another user with higher rights edits the pag...