Lucene search
K
XwikiPro Macros

5 matches found

CVE
CVE
added 2024/08/12 3:49 p.m.63 views

CVE-2024-42489

CVE-2024-42489 affects Pro Macros (XWiki rendering macros). The vulnerability is due to missing escaping in the Viewpdf macro (and similar macros like Viewppt ), enabling remote code execution for users with view/edit/comment rights on affected pages. Root cause: missing escaping on CKEditor.HTML...

10CVSS9.7AI score0.01063EPSS
CVE
CVE
added 2025/09/09 6:40 p.m.29 views

CVE-2025-55728

CVE-2025-55728 concerns the XWiki Remote Macros package, specifically the panel macro. The issue arises from missing escaping of the classes parameter in the panel macro, which is used within XWiki syntax and can lead to XWiki syntax injection. Affects versions 1.0 through 1.26.4 (and up to 1.26....

10CVSS8.1AI score0.0074EPSS
CVE
CVE
added 2025/09/09 6:31 p.m.24 views

CVE-2025-55727

CVE-2025-55727 affects XWiki Remote Macros (column macro width parameter). The issue: missing escaping of the width parameter in versions 1.0 through 1.26.4 enables remote code execution when a user can edit a page or access the CKEditor converter, due to unescaped XWiki syntax in the width param...

10CVSS7.8AI score0.00978EPSS
CVE
CVE
added 2025/11/19 5:41 p.m.17 views

CVE-2025-65089

CVE-2025-65089 affects XWiki Remote Macros. Prior to version 1.27.0, a user with no view rights on a page could see the content of an office attachment rendered via the view file macro. This is a data leak due to mis-authorization in the macro rendering path. The issue has been patched in version...

6.8CVSS6.4AI score0.00258EPSS
CVE
CVE
added 2025/12/05 4:10 p.m.16 views

CVE-2025-65036

XWiki Remote Macros (xwiki-pro-macros) prior to version 1.27.1 allow remote code execution by executing Velocity from details pages without proper permission checks. Affected component is the macro rendering feature used for Confluence content migration. The issue is fixed in 1.27.1; remediation ...

8.3CVSS7.7AI score0.00347EPSS