CNNVD-202509-1208 Information
CNNVD ID
CNNVD-202509-1208
Related CVE
-
CNNVD Published: 2025-09-09
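Description (translated from Chinese)
xwiki-pro-macros is an open source tool from XWiki SAS that extends the functionality of XWiki. Versions of xwiki-pro-macros before 1.26.5 contain a security vulnerability caused by missing escaping of the classes parameter, which may lead to remote code execution.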
Description (English)
xwiki-pro-macros is an open source tool from XWiki SAS that extends the functionality of XWiki. Versions of xwiki-pro-macros before 1.26.5 contain a security vulnerability that stems from missing escaping of the classes parameter and could lead to remote code execution.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
XWiki SAS
Published
2025-09-09
Last Modified
2026-02-24
References
https://github.com/xwikisas/xwiki-pro-macros/blob/93ac1a38c829e3ef787379b2b45eb043a573e5f7/xwiki-pro-macros-ui/src/main/resources/XWiki/Macros/Panel.xml#L554
https://github.com/xwikisas/xwiki-pro-macros/commit/3ca815294bf54fc024b2363efbece7aa08b8efd5
https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-48f4-h726-74p5
https://jira.xwiki.org/browse/XWIKI-20449
https://access.redhat.com/security/cve/cve-2025-55728
Patch
https://github.com/xwikisas/xwiki-pro-macros/tags