CVE-2024-42489
Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the CKEditor.HTMLConverter page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vulnerable to the same kind of attack. This...
PT-2024-29986 · Ckeditor +1
Name of the Vulnerable Software and Affected Versions: Pro Macros versions prior to 1.10.1
Description: The issue is related to missing escaping in the Viewpdf macro, which allows any user with view right on the CKEditor.HTMLConverter page or edit or comment right on any page to perform remote co...
XSS vulnerability can be exploited with the viewppt macro
Upload a file test.ppt
Use markup: viewppt:test.ppt|height=alert"xss"|width=alert"xss"
The scripts will be executed when the page is loaded...