3 matches found
EUVD-2025-18284
Malicious code in bioql PyPI...
XWiki allows remote code execution through default value of wiki macro wiki-type parameters
Impact: Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This allows full access to the whole XWiki installation and thus impacts its confidentiality, integrity and availability. The main probl...
CVE-2025-49581 XWiki allows remote code execution through default value of wiki macro wiki-type parameters
XWiki is a generic wiki platform. Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter...