CVE-2025-49580

High CVSS: 8.5

XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never been executed. This vulnerability is fixed in 17.1.0-rc-1, 16.10.4, and 16.4.7.

Vendor

Xwiki

Product

Xwiki

CWE

CWE-266

Yayın Tarihi

2025-06-13 16:15:27

Güncelleme

2025-09-03 17:52:44

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-266 Xwiki HIGH Xwiki 2025

Referanslar

https://github.com/xwiki/xwiki-platform/commit/ab209acd780da69a4c5ff77ff011efd698273cec https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jm43-hrq7-r7w6 https://jira.xwiki.org/browse/XWIKI-22836

Benzer Kayıtlar

Medium

CVE-2026-26000

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.9.0…

Medium

CVE-2026-24128

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 7.0-mi…

Medium

CVE-2025-65090

XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights…

Critical

CVE-2025-65091

XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right t…

High

CVE-2025-66474

XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) int…

Medium

CVE-2025-66472

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-mi…