CVE-2024-52300
CVSS V2 None
CVSS V3 None
Description
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visits the page with the malicious code. This is fixed in 2.5.6.
Overview
- CVE ID
- CVE-2024-52300
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-13T15:24:59.125Z
- Last Modified Date
- 2024-11-13T19:10:59.349Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-84wx-6vfp-5m6g | x_refsource_CONFIRM |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-52300 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52300 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-11-14 13:26:39 | Added to TrackCVE |