First published: Wed Nov 13 2024(Updated: )
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visits the page with the malicious code. This is fixed in 2.5.6.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Xwiki Pdf Viewer Macro | <2.5.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.