CVE-2025-49587 XWiki does not require right warnings for notification displayer objects

XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing X...

PT-2025-25433 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 16.4.7 XWiki versions prior to 16.10.3 XWiki versions prior to 17.0.0 Description: XWiki is a generic wiki platform that warns about the execution of "dangerous" macros like malicious script macros authored by a user...