CVE-2024-52300

macro-pdfviewer has a XSS through the width parameter

Description

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visits the page with the malicious code. This is fixed in 2.5.6.

INFO

Published Date :

2024-11-13T15:24:59.125Z

Last Modified :

2024-11-13T19:10:59.349Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2024-52300 vulnerability.

Vendors	Products
Xwiki	Pdf Viewer Macro
Xwikisas	Macro Pdfviewer

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-52300.

URL	Resource
https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-84wx-6vfp-5m6g

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact