CNNVD-202512-1765 Information
CNNVD ID
CNNVD-202512-1765
Related CVE
- CNNVD Published: 2025-12-10
Description (Chinese)
XWiki Rendering是XWiki基金会的一个通用渲染系统,它将给定语法(wiki 语法、HTML 等)中的文本输入转换为另一种语法(XHTML 等)。 XWiki Rendering 16.10.9及之前版本、17.0.0-rc-1至17.4.2版本和17.5.0-rc-1至17.5.0版本存在安全漏洞,该漏洞源于html注入保护不足,可能导致远程代码执行。
Description (English)
XWiki Rendering is a common rendering system of the XWiki Foundation, which converts text input into a given syntax (wiki syntax, HTML, etc.) to another syntax (XHTML, etc.). XWiki Rendering 16.10.9 and previous versions, 17.0.0-rc-1-17.4.2 and 17.5.0-rc-1-17.5.0 have security gaps that stem from inadequate html injection protection and may lead to remote code implementation.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
XWiki
Published
2025-12-10
Last Modified
2026-02-24
References
https://github.com/xwiki/xwiki-platform/commit/12b780ccd5bca5fc8f74f46648d7e02fa04fbc11 https://jira.xwiki.org/browse/XRENDERING-793 https://jira.xwiki.org/browse/XRENDERING-693 https://jira.xwiki.org/browse/XRENDERING-792 https://github.com/xwiki/xwiki-rendering/commit/9b71a2ee035815cfc29cebbfe81dbdd98f941d49 https://jira.xwiki.org/browse/XWIKI-23378 https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-9xc6-c2rm-f27p https://access.redhat.com/security/cve/cve-2025-66474
Patch
https://www.xwiki.org/xwiki/bin/view/Download/
Share on: