CVE-2025-53835 XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax

XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks...

CVE-2025-53835

XWiki Rendering (org.xwiki.rendering) is affected in versions 5.4.5 up to, but not including, 14.10 due to a dependency of the XHTML syntax on xdom+xml/current, which permits creation of raw blocks that can insert arbitrary HTML/JavaScript and enable XSS when users can edit content (e.g., profile...

XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax

Impact The XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks that permit the insertion of arbitrary HTML content including JavaScript. This allows XSS attacks for users who can edit a document like their user profile enabled by default. The attack works ...

GHSA-W3WH-G4M9-783P XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax

Impact The XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks that permit the insertion of arbitrary HTML content including JavaScript. This allows XSS attacks for users who can edit a document like their user profile enabled by default. The attack works ...

PT-2025-29523 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions 5.4.5 through 14.9 Description: XWiki Rendering, a system for converting textual input into different syntaxes, contains a flaw. Prior to version 14.10, the XHTML syntax relied on the xdom+xml/current syntax, enabling the...