Unrated severity · NVD Advisory · Published Nov 13, 2024 · Updated Nov 13, 2024
macro-pdfviewer has a XSS through the width parameter
CVE-2024-52300
Description
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visits the page with the malicious code. This is fixed in 2.5.6.
Affected products
- (no CPE), range: <2.5.6
- (no CPE), range: < 2.5.6
References
- github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-84wx-6vfp-5m6g (mitre, x_refsource_CONFIRM)