macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visits the page with the malicious code. This is fixed in 2.5.6.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HXwiki Pdf Viewer Macro
APPXwiki< 2.5.6
Related vulnerabilities
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker ...
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFVie...
XWiki Platform — niezautoryzowany RCE przez endpoint SolrSearch
SQL Injection w XWiki Full Calendar Macro — dostęp bez uwierzytelnienia
XWiki Pro Macros: RCE przez brak escapowania parametru width w makro column