CVE-2024-52300 – XWiki PDF Viewer Macro Stored Cross-Site Scripting

11月 13, 2024
5:17 pm

CVE ID : CVE-2024-52300

Published : Nov. 13, 2024, 4:15 p.m. | 1 hour, 1 minute ago

Description : macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn’t properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visits the page with the malicious code. This is fixed in 2.5.6.

Severity: 9.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-52300 – XWiki PDF Viewer Macro Stored Cross-Site Scripting

Elvescore.io

Recent Posts

CVE-2024-12951 – “1000 Projects Portfolio Management System MCA PHP Unrestricted File Upload Vulnerability”

CVE-2024-12952 – Apple App Store MelMass Comfy_mtB Code Injection Vulnerability

CVE-2024-47149 – Honor Incorrect Privilege Assignment Vulnerability

CVE-2024-47150 – Honor Information Leak Vulnerability

CVE-2024-12949 – Code-projects Travel Management System SQL Injection Vulnerability

CVE-2024-12950 – Adobe Code-Projects Travel Management System SQL Injection Vulnerability

CVE-2024-52300 – XWiki PDF Viewer Macro Stored Cross-Site Scripting

CVE-2024-52300 – XWiki PDF Viewer Macro Stored Cross-Site Scripting