XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.0, a user with no view rights on a page may see the content of an office attachment displayed with the view file macro. This issue has been patched in version 1.27.0.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:NXwiki Pro Macros
APPXwiki< 1.27.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2025-55727CRITICAL10.0PL ✓ten sam produkt
XWiki Pro Macros: RCE przez brak escapowania parametru width w makro column
CVE-2025-55728CRITICAL10.0PL ✓ten sam produkt
RCE przez XWiki syntax injection w parametrze classes makra Panel
CVE-2024-42489CRITICAL10.0PL ✓ten sam produkt
RCE przez brak escapowania w makrze Viewpdf w XWiki Pro Macros
CVE-2025-65036HIGH8.3ten sam produkt
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Pr...
CVE-2025-24893CRITICAL9.8⚠ KEVPL ✓ten sam vendor
XWiki Platform — niezautoryzowany RCE przez endpoint SolrSearch