CNNVD-202507-1933 Information
CNNVD ID
CNNVD-202507-1933
Related CVE
- CNNVD Published: 2025-07-14
Description
XWiki Rendering is a generic rendering system from the XWiki Foundation that converts text input in a given syntax (wiki syntax, HTML, etc.) into another syntax (XHTML, etc.). XWiki Rendering versions from 5.4.5 up to, but not including, 14.10 contain a vulnerability that stems from the XHTML syntax depending on the xdom+xml/current syntax, which can lead to cross-site scripting (XSS) attacks.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
xxyopen
Published
2025-07-14
Last Modified
2026-02-24
References
https://github.com/xwiki/xwiki-rendering/commit/a4ca31f99f524b9456c64150d6f375984aa81ea7
https://jira.xwiki.org/browse/XRENDERING-660
https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-w3wh-g4m9-783p
https://nvd.nist.gov/vuln/detail/CVE-2025-53835
https://access.redhat.com/security/cve/cve-2025-53835
Patch
https://github.com/xwiki/xwiki-rendering/releases