Home

Description

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visits the page with the malicious code. This is fixed in 2.5.6.

PUBLISHED Reserved 2024-11-06 | Published 2024-11-13 | Updated 2024-11-13 | Assigner GitHub_M




CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Problem types

CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Product status

< 2.5.6
affected

References

github.com/...viewer/security/advisories/GHSA-84wx-6vfp-5m6g

cve.org (CVE-2024-52300)

nvd.nist.gov (CVE-2024-52300)

Download JSON