Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-52300

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visits the page with the malicious code. This is fixed in 2.5.6.

Published

2024-11-13T16:15:20.240

Last Modified

2024-11-18T17:29:46.807

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.0 (CRITICAL)

Weaknesses

Type: Secondary
CWE-80
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	xwiki	pdf_viewer_macro	< 2.5.6	Yes

References

https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-84wx-6vfp-5m6g Third Party Advisory ([email protected])