Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the `CKEditor.HTMLConverter` page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vulnerable to the same kind of attack. This vulnerability is fixed in 1.10.1.
The Viewpdf macro does not properly escape data passed to the XWiki rendering process. An attacker with permission to view the `CKEditor.HTMLConverter` page or permission to edit or comment on any page can inject a malicious payload that will be executed on the server side. The same mechanism applies to the Viewppt macro and potentially other similar macros in this package. The vulnerability is classified as injection (CWE-74), meaning that untrusted data reaches the interpreter directly without proper sanitization.
An attacker can gain full control of the XWiki server through remote code execution, which includes data theft, content modification, and the ability to perform lateral movement within the network.
XWiki Pro Macros should be updated to version 1.10.1 or newer, where the bug has been fixed. Detailed information is available in the manufacturer's references and in commit 199553c84901999481a20614f093af2d57970eba in the GitHub repository.
XWiki Pro Macros in versions prior to 1.10.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HXwiki Pro Macros
APPXwiki1.0 – 1.10.1 (bez)
Related vulnerabilities
XWiki Pro Macros: RCE przez brak escapowania parametru width w makro column
RCE przez XWiki syntax injection w parametrze classes makra Panel
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Pr...
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Pr...
XWiki Platform — niezautoryzowany RCE przez endpoint SolrSearch