2 matches found
CVE-2025-65091
The CVE-2025-65091 issue affects the XWiki Full Calendar Macro. Concrete details from connected documents show a SQL injection vulnerability present in versions prior to 2.4.5, exploitable by users with view rights to the Calendar.JSONService page (including guests). The root cause is an injectio...
CVE-2025-65090
Summary: CVE-2025-65090 affects the XWiki Full Calendar Macro. Prior to version 2.4.6, users with rights to view the Calendar.JSONService page (including guests) could access database information via the calendar data exposed by the macro, constituting a data-leak vulnerability. The issue has bee...