Maven package
org.xwiki.rendering/xwiki-rendering-xml
pkg:maven/org.xwiki.rendering/xwiki-rendering-xml
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-66474 | — | < 16.10.10 | 16.10.10 | Dec 10, 2025 | XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against {{/htm | ||
| CVE-2023-37908 | — | >= 14.6-rc-1, < 14.10.4 | 14.10.4 | Oct 25, 2023 | XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via inva |
- CVE-2025-66474Dec 10, 2025affected < 16.10.10fixed 16.10.10
XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against {{/htm
- CVE-2023-37908Oct 25, 2023affected >= 14.6-rc-1, < 14.10.4fixed 14.10.4
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via inva