Security Advisory

CVE-2024-52300

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-11-13 15:24:59
Last updated 2024-11-13 19:10:59
Assigner GitHub_M
State PUBLISHED

Description

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing cross-site scripting (XSS) by any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visits the page with the malicious code. This is fixed in version 2.5.6.