Vulnerabilites related to xwikisas - xwiki-pro-macros
CVE-2024-42489 (GCVE-0-2024-42489)
Vulnerability from cvelistv5
Published
2024-08-12 15:49
Modified
2024-08-13 20:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Summary
Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the `CKEditor.HTMLConverter` page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vulnerable to the same kind of attack. This vulnerability is fixed in 1.10.1.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
xwikisas | xwiki-pro-macros |
Version: >= 1.0, < 1.10.1 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:xwikisas:xwiki-pro-macros:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki-pro-macros", "vendor": "xwikisas", "versions": [ { "lessThan": "1.10.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-42489", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-13T20:40:37.614178Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-13T20:43:35.138Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-pro-macros", "vendor": "xwikisas", "versions": [ { "status": "affected", "version": "\u003e= 1.0, \u003c 1.10.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the `CKEditor.HTMLConverter` page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vulnerable to the same kind of attack. This vulnerability is fixed in 1.10.1." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-12T15:49:18.935Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-cfq3-q227-7j65", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-cfq3-q227-7j65" }, { "name": "https://github.com/xwikisas/xwiki-pro-macros/commit/199553c84901999481a20614f093af2d57970eba", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwikisas/xwiki-pro-macros/commit/199553c84901999481a20614f093af2d57970eba" }, { "name": "https://github.com/xwikisas/xwiki-pro-macros/blob/main/xwiki-pro-macros-ui/src/main/resources/Confluence/Macros/Viewpdf.xml#L265-L267", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwikisas/xwiki-pro-macros/blob/main/xwiki-pro-macros-ui/src/main/resources/Confluence/Macros/Viewpdf.xml#L265-L267" } ], "source": { "advisory": "GHSA-cfq3-q227-7j65", "discovery": "UNKNOWN" }, "title": "Pro Macros Remote Code Execution via Viewpdf and similar macros" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-42489", "datePublished": "2024-08-12T15:49:18.935Z", "dateReserved": "2024-08-02T14:13:04.618Z", "dateUpdated": "2024-08-13T20:43:35.138Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-55730 (GCVE-0-2025-55730)
Vulnerability from cvelistv5
Published
2025-09-09 18:53
Modified
2025-09-10 13:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Summary
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the title in the confluence paste code macro allows remote code execution for any user who can edit any page. The classes parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection which enables remote code execution. Version 1.26.5 has a fix for the issue.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
xwikisas | xwiki-pro-macros |
Version: >= 1.0, < 1.26.5 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-55730", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-09-10T13:52:35.463755Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-10T13:53:06.252Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-pro-macros", "vendor": "xwikisas", "versions": [ { "status": "affected", "version": "\u003e= 1.0, \u003c 1.26.5" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the title in the confluence paste code macro allows remote code execution for any user who can edit any page. The classes parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection which enables remote code execution. Version 1.26.5 has a fix for the issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-116", "description": "CWE-116: Improper Encoding or Escaping of Output", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-09T18:53:53.410Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-5w8v-h22g-j2mp", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-5w8v-h22g-j2mp" }, { "name": "https://github.com/xwikisas/xwiki-pro-macros/commit/049716df415aaf00938a91d618d382777820d2af", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwikisas/xwiki-pro-macros/commit/049716df415aaf00938a91d618d382777820d2af" }, { "name": "https://github.com/xwikisas/xwiki-pro-macros/blob/93ac1a38c829e3ef787379b2b45eb043a573e5f7/xwiki-pro-macros-confluence-bridges/xwiki-pro-macros-confluence-bridges-ui/src/main/resources/Confluence/Macros/ConfluencePasteCodeMacro.xml#L435", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwikisas/xwiki-pro-macros/blob/93ac1a38c829e3ef787379b2b45eb043a573e5f7/xwiki-pro-macros-confluence-bridges/xwiki-pro-macros-confluence-bridges-ui/src/main/resources/Confluence/Macros/ConfluencePasteCodeMacro.xml#L435" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20449", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20449" } ], "source": { "advisory": "GHSA-5w8v-h22g-j2mp", "discovery": "UNKNOWN" }, "title": "XWiki Remote Macros vulnerable to remote code execution using the confluence paste code macro" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-55730", "datePublished": "2025-09-09T18:53:53.410Z", "dateReserved": "2025-08-14T22:31:17.682Z", "dateUpdated": "2025-09-10T13:53:06.252Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-55727 (GCVE-0-2025-55727)
Vulnerability from cvelistv5
Published
2025-09-09 18:31
Modified
2025-09-10 14:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Summary
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the width parameter in the column macro allows remote code execution for any user who can edit any page or who can access the CKEditor converter. The width parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection which enables remote code execution when the macro has been installed by a user with programming right, or it at least allows executing Velocity code as the wiki admin. Version 1.26.5 contains a patch for the issue.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
xwikisas | xwiki-pro-macros |
Version: >= 1.0, < 1.26.5 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-55727", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-09-10T14:14:03.523665Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-10T14:14:06.852Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-hxqp-983c-m8h9" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-pro-macros", "vendor": "xwikisas", "versions": [ { "status": "affected", "version": "\u003e= 1.0, \u003c 1.26.5" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the width parameter in the column macro allows remote code execution for any user who can edit any page or who can access the CKEditor converter. The width parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection which enables remote code execution when the macro has been installed by a user with programming right, or it at least allows executing Velocity code as the wiki admin. Version 1.26.5 contains a patch for the issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-09T18:31:08.108Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-hxqp-983c-m8h9", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-hxqp-983c-m8h9" }, { "name": "https://github.com/xwikisas/xwiki-pro-macros/commit/05651adb4b58d03ba862d5290c645feeffd2121b", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwikisas/xwiki-pro-macros/commit/05651adb4b58d03ba862d5290c645feeffd2121b" }, { "name": "https://github.com/xwikisas/xwiki-pro-macros/blob/aed17fa3db4081846dbb6bdf76ba10cf44401c44/xwiki-pro-macros-ui/src/main/resources/Confluence/Macros/Column.xml#L438", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwikisas/xwiki-pro-macros/blob/aed17fa3db4081846dbb6bdf76ba10cf44401c44/xwiki-pro-macros-ui/src/main/resources/Confluence/Macros/Column.xml#L438" } ], "source": { "advisory": "GHSA-hxqp-983c-m8h9", "discovery": "UNKNOWN" }, "title": "XWiki Remote Macros vulnerable to remote code execution from width parameter in the column macro" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-55727", "datePublished": "2025-09-09T18:31:08.108Z", "dateReserved": "2025-08-14T22:31:17.681Z", "dateUpdated": "2025-09-10T14:14:06.852Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-55728 (GCVE-0-2025-55728)
Vulnerability from cvelistv5
Published
2025-09-09 18:40
Modified
2025-09-11 13:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Summary
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the classes parameter in the panel macro allows remote code execution for any user who can edit any page The classes parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection which enables remote code execution. Version 1.26.5 contains a patch for the issue.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
xwikisas | xwiki-pro-macros |
Version: >= 1.0, < 1.26.5 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-55728", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-09-11T13:15:05.740779Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-11T13:15:28.508Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-48f4-h726-74p5" }, { "tags": [ "exploit" ], "url": "https://jira.xwiki.org/browse/XWIKI-20449" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-pro-macros", "vendor": "xwikisas", "versions": [ { "status": "affected", "version": "\u003e= 1.0, \u003c 1.26.5" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the classes parameter in the panel macro allows remote code execution for any user who can edit any page The classes parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection which enables remote code execution. Version 1.26.5 contains a patch for the issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-09T18:40:51.874Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-48f4-h726-74p5", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-48f4-h726-74p5" }, { "name": "https://github.com/xwikisas/xwiki-pro-macros/commit/3ca815294bf54fc024b2363efbece7aa08b8efd5", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwikisas/xwiki-pro-macros/commit/3ca815294bf54fc024b2363efbece7aa08b8efd5" }, { "name": "https://github.com/xwikisas/xwiki-pro-macros/blob/93ac1a38c829e3ef787379b2b45eb043a573e5f7/xwiki-pro-macros-ui/src/main/resources/XWiki/Macros/Panel.xml#L554", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwikisas/xwiki-pro-macros/blob/93ac1a38c829e3ef787379b2b45eb043a573e5f7/xwiki-pro-macros-ui/src/main/resources/XWiki/Macros/Panel.xml#L554" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20449", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20449" } ], "source": { "advisory": "GHSA-48f4-h726-74p5", "discovery": "UNKNOWN" }, "title": "XWiki Remote Macros vulnerable to remote code execution using the panel macro" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-55728", "datePublished": "2025-09-09T18:40:51.874Z", "dateReserved": "2025-08-14T22:31:17.682Z", "dateUpdated": "2025-09-11T13:15:28.508Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-55729 (GCVE-0-2025-55729)
Vulnerability from cvelistv5
Published
2025-09-09 18:51
Modified
2025-09-10 13:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Summary
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the ac:type in the ConfluenceLayoutSection macro allows remote code execution for any user who can edit any page The classes parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection which enables remote code execution. Version 1.26.5 has a fix for the issue.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
xwikisas | xwiki-pro-macros |
Version: >= 1.0, < 1.26.5 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-55729", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-09-10T13:54:45.593636Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-10T13:55:00.520Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-pro-macros", "vendor": "xwikisas", "versions": [ { "status": "affected", "version": "\u003e= 1.0, \u003c 1.26.5" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the ac:type in the ConfluenceLayoutSection macro allows remote code execution for any user who can edit any page The classes parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection which enables remote code execution. Version 1.26.5 has a fix for the issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-116", "description": "CWE-116: Improper Encoding or Escaping of Output", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-09T18:51:47.265Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-22xj-jpjg-gpgw", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-22xj-jpjg-gpgw" }, { "name": "https://github.com/xwikisas/xwiki-pro-macros/commit/06e6cf3893227527d0242a11e390642178d9df05", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwikisas/xwiki-pro-macros/commit/06e6cf3893227527d0242a11e390642178d9df05" }, { "name": "https://github.com/xwikisas/xwiki-pro-macros/blob/93ac1a38c829e3ef787379b2b45eb043a573e5f7/xwiki-pro-macros-confluence-bridges/xwiki-pro-macros-confluence-bridges-ui/src/main/resources/Confluence/Macros/ConfluenceLayoutSection.xml#L518", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwikisas/xwiki-pro-macros/blob/93ac1a38c829e3ef787379b2b45eb043a573e5f7/xwiki-pro-macros-confluence-bridges/xwiki-pro-macros-confluence-bridges-ui/src/main/resources/Confluence/Macros/ConfluenceLayoutSection.xml#L518" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20449", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20449" } ], "source": { "advisory": "GHSA-22xj-jpjg-gpgw", "discovery": "UNKNOWN" }, "title": "XWiki Remote Macros vulnerable to remote code execution using the ConfluenceLayoutSection macro" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-55729", "datePublished": "2025-09-09T18:51:47.265Z", "dateReserved": "2025-08-14T22:31:17.682Z", "dateUpdated": "2025-09-10T13:55:00.520Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }