CNNVD-202507-1893 Information
CNNVD ID
CNNVD-202507-1893
Related CVE
- CNNVD Published: 2025-07-14
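Description (translated from Chinese)
XWiki Rendering is a generic rendering system from the XWiki Foundation that converts text input in a given syntax (wiki syntax, HTML, etc.) into another syntax (XHTML, etc.). XWiki Rendering versions before 4.2-milestone-1, before 13.10.11, before 14.4.7 and before 14.10 contain a security vulnerability. It arises because the macro content parser does not preserve the restricted attribute of the transformation context, which may lead to the execution of restricted macros.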
Description (English)
XWiki Rendering is a generic rendering system of the XWiki Foundation, which converts text input in a given syntax (wiki syntax, HTML, etc.) into another syntax (XHTML, etc.). XWiki Rendering versions before 4.2-milestone-1, before 13.10.11, before 14.4.7 and before 14.10 have a security vulnerability, which stems from the macro content parser not preserving the restricted attribute of the transformation context and may lead to the execution of restricted macros.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
xxyopen
Published
2025-07-14
Last Modified
2026-02-24
References
https://jira.xwiki.org/browse/XWIKI-20375
https://github.com/xwiki/xwiki-rendering/commit/c73fa3ccd4ac59057e48e5d4325f659e78e8f86d
https://jira.xwiki.org/browse/XRENDERING-689
https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-32mf-57h2-64x9
https://nvd.nist.gov/vuln/detail/CVE-2025-53836
https://access.redhat.com/security/cve/cve-2025-53836
Patch
https://github.com/xwiki/xwiki-rendering/releases