3 matches found
CVE-2024-52299
The CVE-2024-52299 entry concerns the XWiki macro-pdfviewer (PDF Viewer Macro using Mozilla pdf.js). The root cause is that the access control key passed to prevent access is computed incorrectly, along with a digest stream issue where calling skip does not update the digest. This permits any use...
CVE-2024-52298
The CVE-2024-52298 issue affects the macro-pdfviewer (XWiki) that uses Mozilla pdf.js. An attacker can view any attachment by exploiting the Delegate my view right privilege if they can access a page whose last author has permission to the attachment. The attacker needs only a reference to a PDF ...
CVE-2024-52300
The CVE-2024-52300 issue affects the XWiki macro-pdfviewer (PDF Viewer Macro) that uses Mozilla pdf.js. The width parameter is not properly escaped, enabling cross-site scripting (XSS) when an admin can edit a page, potentially impacting confidentiality, integrity, and availability of the entire ...