- EPSS 1.68%
- Published 13.11.2024 16:15:20
- Last modified 18.11.2024 17:29:46
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of...
CVE-2024-52298
- EPSS 0.23%
- Published 13.11.2024 16:15:19
- Last modified 18.11.2024 17:29:27
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to th...
CVE-2024-52299
- EPSS 0.19%
- Published 13.11.2024 16:15:19
- Last modified 18.11.2024 17:29:37
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki, as the "key" that is passed to prevent this is computed incorrectly, calling skip on...