HIGH🇵🇱 Wersja polska

CVE-2024-52299

CVSS 7.5v3.1pub. 2024-11-13upd. 2024-11-18

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the "key" that is passed to prevent this is computed incorrectly, calling skip on the digest stream doesn't update the digest. This is fixed in 2.5.6.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Xwiki Pdf Viewer Macro

    APP
    Xwiki
    < 2.5.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-52300CRITICAL9.0PL ✓ten sam produkt

XSS w parametrze width makra PDF Viewer dla XWiki

CVE-2024-52298HIGH7.5ten sam produkt

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker ...

CVE-2025-24893CRITICAL9.8⚠ KEVPL ✓ten sam vendor

XWiki Platform — niezautoryzowany RCE przez endpoint SolrSearch

CVE-2025-65091CRITICAL10.0PL ✓ten sam vendor

SQL Injection w XWiki Full Calendar Macro — dostęp bez uwierzytelnienia

CVE-2025-55727CRITICAL10.0PL ✓ten sam vendor

XWiki Pro Macros: RCE przez brak escapowania parametru width w makro column