5 matches found
CVE-2025-58365
The CVE-2025-58365 issue affects the XWiki Blog Application prior to version 9.14. An attacker with edit rights on any page could inject a Blog.BlogPostClass object and place a script macro in the Content field, enabling remote code execution. The vulnerability is mitigated in 9.14 by executing b...
Upgrading doesn't prevent exploiting vulnerable XWiki documents
Impact: When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it's still possible to exploit the vulnerability that was fixed in the new version. The severity of this depends on the fixed...
Security feature bypass
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it's still possible to exploit the...
CVE-2023-36468 Upgrading doesn't prevent exploiting vulnerable XWiki documents
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it's still possible to exploit the...
XWiki Platform Code Injection Vulnerability
XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. A security vulnerability exists in XWiki Platform that originates from an arbitrary script macro that can be injected via a URL request parameter in combination with other...