VYPR

Xwiki Rendering

by Cryptpad

Source repositories

CVEs (6)

  • CVE-2025-66474Dec 10, 2025
    risk 0.00cvss epss 0.01

    XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against…

  • CVE-2025-53836Jul 14, 2025
    risk 0.00cvss epss 0.01

    XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't…

  • CVE-2025-53835Jul 14, 2025
    risk 0.00cvss epss 0.00

    XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the `xdom+xml/current` syntax which allows…

  • CVE-2023-37912Oct 25, 2023
    risk 0.00cvss epss 0.01

    XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version…

  • CVE-2023-37908Oct 25, 2023
    risk 0.00cvss epss 0.01

    XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via…

  • CVE-2023-32070May 10, 2023
    risk 0.00cvss epss 0.01

    XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in…