VYPR

Maven package

org.xwiki.rendering/xwiki-rendering-xml

pkg:maven/org.xwiki.rendering/xwiki-rendering-xml

Vulnerabilities (2)

  • CVE-2025-66474Dec 10, 2025
    affected < 16.10.10fixed 16.10.10

    XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against {{/htm

  • CVE-2023-37908Oct 25, 2023
    affected >= 14.6-rc-1, < 14.10.4fixed 14.10.4

    XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via inva