CVE-2025-55728 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5,…
Critical CVSS: 10.0

CVE-2025-55728

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the classes parameter in the panel macro allows remote code execution for any user who can edit any page The classes parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection which enables remote code execution. Version 1.26.5 contains a patch for the issue.
Vendor
Xwiki
Product
Pro Macros
CWE
CWE-95
Yayın Tarihi
2025-09-09 19:15:56
Güncelleme
2025-09-17 19:45:32
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-95 Pro Macros CRITICAL Xwiki 2025

Referanslar

https://github.com/xwikisas/xwiki-pro-macros/blob/93ac1a38c829e3ef787379b2b45eb043a573e5f7/xwiki-pro-macros-ui/src/main/resources/XWiki/Macros/Panel.xml#L554 https://github.com/xwikisas/xwiki-pro-macros/commit/3ca815294bf54fc024b2363efbece7aa08b8efd5 https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-48f4-h726-74p5 https://jira.xwiki.org/browse/XWIKI-20449 https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-48f4-h726-74p5 https://jira.xwiki.org/browse/XWIKI-20449