CVE-2026-26000

Medium CVSS: 5.3

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.9.0, 17.4.6, and 16.10.13, it's possible using comments to inject CSS that would transform the full wiki in a link area leading to a malicious page. This vulnerability is fixed in 17.9.0, 17.4.6, and 16.10.13.

Vendor

Xwiki

Product

Xwiki

CWE

CWE-1021

Yayın Tarihi

2026-02-12 21:16:02

Güncelleme

2026-02-19 19:22:44

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-1021 Xwiki MEDIUM Xwiki 2026

Referanslar

https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.4.6 https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-74rh-c5rh-88vg

Benzer Kayıtlar

Medium

CVE-2026-24128

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 7.0-mi…

Medium

CVE-2025-65090

XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights…

Critical

CVE-2025-65091

XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right t…

High

CVE-2025-66474

XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) int…

Medium

CVE-2025-66472

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-mi…

High

CVE-2025-66473

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1…