CNNVD-202508-403 Information
CNNVD ID
CNNVD-202508-403
Related CVE
- CNNVD Published: 2025-08-06
Description (Chinese)
XWiki Platform是XWiki开源的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform存在安全漏洞,该漏洞源于模板包含反射型跨站脚本,可能导致执行恶意代码。以下版本受到影响:4.2-milestone-3至16.4.7版本、16.5.0-rc-1至16.10.5版本和17.0.0-rc-1至17.2.2版本。
Description (English)
XWiki Platform is an open source of XWiki ’ s Wiki platform for creating a Web collaborative application. There is a security loophole in XWiki Platform, which stems from the fact that the template contains reflective cross-site scripts, which may lead to the implementation of malicious codes. The following versions were affected: 4.2-milestone-3 to 16.4.7, 16.5.0-rc-1 to 16.10.5 and 17.0.0-rc-1 to 17.2.2.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
XWiki
Published
2025-08-06
Last Modified
2026-02-24
References
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m9x4-w7p9-mxhx https://jira.xwiki.org/browse/XWIKI-23096 https://github.com/xwiki/xwiki-platform/commit/e5926a938cbecc8b1eaa48053d8d370cff107cb0 https://access.redhat.com/security/cve/cve-2025-32430 https://nvd.nist.gov/vuln/detail/CVE-2025-32430
Patch
https://www.xwiki.org/xwiki/bin/view/Main/WebHome
Share on: