CNNVD-202509-1206 Information
CNNVD ID
CNNVD-202509-1206
Related CVE
- CNNVD Published: 2025-09-09
Description (Chinese)
xwiki-pro-macros是XWiki SAS开源的一个工具。可以增强 XWiki 的功能。 xwiki-pro-macros 1.26.5之前版本存在安全漏洞,该漏洞源于缺少对title参数的转义,可能导致远程代码执行。
Description (English)
xwiki-pro-macros is an open source tool for XWiki SAS. The function of XWiki can be enhanced. Xwiki-pro-macros 1.26.5 has a security loophole, which stems from a lack of transposition of the title parameter, which may lead to remote code execution.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
XWiki SAS
Published
2025-09-09
Last Modified
2026-02-24
References
https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-5w8v-h22g-j2mp https://github.com/xwikisas/xwiki-pro-macros/blob/93ac1a38c829e3ef787379b2b45eb043a573e5f7/xwiki-pro-macros-confluence-bridges/xwiki-pro-macros-confluence-bridges-ui/src/main/resources/Confluence/Macros/ConfluencePasteCodeMacro.xml#L435 https://github.com/xwikisas/xwiki-pro-macros/commit/049716df415aaf00938a91d618d382777820d2af https://jira.xwiki.org/browse/XWIKI-20449 https://access.redhat.com/security/cve/cve-2025-55730
Patch
https://github.com/xwikisas/xwiki-pro-macros/tags
Share on: