CNNVD-202509-1210 Information

CNNVD ID

CNNVD-202509-1210

CVE-2025-55727

  • CNNVD Published: 2025-09-09

Description (Chinese)

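xwiki-pro-macros is an open-source tool from XWiki SAS that extends the functionality of XWiki. Versions of xwiki-pro-macros before 1.26.5 contain a security vulnerability caused by missing escaping of the width parameter, which may lead to remote code execution.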

Description (English)

xwiki-pro-macros is an open-source tool from XWiki SAS that enhances the functionality of XWiki. Versions of xwiki-pro-macros prior to 1.26.5 have a security vulnerability that stems from the width parameter not being escaped, which may lead to remote code execution.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

XWiki SAS

Published

2025-09-09

Last Modified

2026-02-24

References

  • https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-hxqp-983c-m8h9
  • https://github.com/xwikisas/xwiki-pro-macros/blob/aed17fa3db4081846dbb6bdf76ba10cf44401c44/xwiki-pro-macros-ui/src/main/resources/Confluence/Macros/Column.xml#L438
  • https://github.com/xwikisas/xwiki-pro-macros/commit/05651adb4b58d03ba862d5290c645feeffd2121b
  • https://access.redhat.com/security/cve/cve-2025-55727

Patch

https://github.com/xwikisas/xwiki-pro-macros/tags
