41 matches found
CVE-2025-66474
XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against /html injection, which...
CVE-2025-66474
XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against /html injection, which...
CVE-2025-66474 XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection
XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against /html injection, which...
XWiki Rendering 安全漏洞
XWiki Rendering is a general-purpose rendering system from the XWiki Foundation that converts text input from a given syntax wiki syntax, HTML, etc. to another syntax XHTML, etc.. A security vulnerability exists in XWiki Rendering versions 16.10.9 and earlier, 17.0.0-rc-1 through 17.4.2, and...
EUVD-2025-21398
Malicious code in bioql PyPI...
EUVD-2025-21399
Malicious code in bioql PyPI...
EUVD-2023-2666
Malicious code in bioql PyPI...
EUVD-2023-2625
Malicious code in bioql PyPI...
CVE-2025-53836
XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't preserve the restricte...
CVE-2025-53835
XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks...
Cross-site Scripting (XSS)
org.xwiki.rendering:xwiki-rendering-syntax-xhtml is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the XHTML syntax relying on the xdom+xml/current syntax, which allows insertion of arbitrary HTML including JavaScript, enabling XSS for users with document editing rights...
Remote Code Execution (RCE)
org.xwiki.rendering:xwiki-rendering-transformation-macro is vulnerable to Remote Code Execution RCE. The vulnerability is due to the macro content parser failing to preserve the restricted attribute in the transformation context, allowing execution of normally forbidden macros like script macros ...
CVE-2025-53836
XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't preserve the restricte...
Cross-site Scripting (XSS)
Overview org.xwiki.rendering:xwiki-rendering-syntax-xhtml is a library for the XWiki Rendering Engine Affected versions of this package are vulnerable to Cross-site Scripting XSS via dependency on xdom+xml/current syntax. An attacker can execute arbitrary JavaScript code in the context of the...
CVE-2025-53835
XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks...
CVE-2025-53836
CVE-2025-53836 affects XWiki Rendering where the default macro content parser did not preserve the restricted transformation context during nested macro execution, allowing macros normally forbidden in restricted mode (notably script macros) to run via nested macros such as cache and chart. Affec...
CVE-2025-53836 XWiki Rendering is vulnerable to RCE attacks when processing nested macros
XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't preserve the restricte...
CVE-2025-53836 XWiki Rendering is vulnerable to RCE attacks when processing nested macros
XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't preserve the restricte...
CVE-2025-53836 XWiki Rendering is vulnerable to RCE attacks when processing nested macros
XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't preserve the restricte...
CVE-2025-53835 XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax
XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks...