5.3

CVE-2025-65090

EPSS 0.03%
Veröffentlicht 10.01.2026 03:05:06
Zuletzt bearbeitet 29.01.2026 17:27:42
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights to view the Calendar.JSONService page (including guest users) can exploit the data leak vulnerability by accessing database info, with the exception of passwords. This issue has been patched in version 2.4.6.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xwiki ≫ Full Calendar Macro SwPlatformxwiki Version < 2.4.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.085

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/xwiki-contrib/macro-fullcalendar/security/advisories/GHSA-637h-ch24-xp9m

Third Party Advisory

https://github.com/xwiki-contrib/macro-fullcalendar/commit/25bc14c181c9a92f493b20ac264388c7ba171884

Patch

https://jira.xwiki.org/browse/FULLCAL-82

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2025-65090

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-65090

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-65090

EUVD