macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visits the page with the malicious code. This is fixed in 2.5.6.
History
Wed, 13 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Xwikisas, Xwikisas macro Pdfviewer | |
CPEs | cpe:2.3:a:xwikisas:macro_pdfviewer:*:*:*:*:*:*:*:* | |
Vendors & Products | Xwikisas, Xwikisas macro Pdfviewer | |
Metrics | ssvc | |
Wed, 13 Nov 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visits the page with the malicious code. This is fixed in 2.5.6. | |
Title | macro-pdfviewer has a XSS through the width parameter | |
Weaknesses | CWE-80 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-11-13T15:24:59.125Z
Updated: 2024-11-13T19:10:59.349Z
Reserved: 2024-11-06T19:00:26.396Z
Link: CVE-2024-52300
Vulnrichment
Updated: 2024-11-13T19:10:52.296Z
NVD
Status: Awaiting Analysis
Published: 2024-11-13T16:15:20.240
Modified: 2024-11-13T17:01:16.850
Link: CVE-2024-52300
Redhat
No data.