Xwiki Pdf Viewer Macro
By the Year
In 2025 there have been 0 vulnerabilities in Xwiki Pdf Viewer Macro. Last year, in 2024, Pdf Viewer Macro had 3 security vulnerabilities published. Right now, Pdf Viewer Macro is on track to have fewer security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 3 | 8.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Pdf Viewer Macro vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Xwiki Pdf Viewer Macro Security Vulnerabilities
XWiki PDF Viewer Macro XSS Vulnerability in width Parameter
CVE-2024-52300
9 - Critical - November 13, 2024
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visits the page with the malicious code. This is fixed in 2.5.6.
XSS
XWiki PDF Viewer Macro Access Control Vulnerability
CVE-2024-52299
7.5 - High - November 13, 2024
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki, because the "key" that is passed to prevent this is computed incorrectly: calling skip on the digest stream doesn't update the digest. This is fixed in 2.5.6.
Generation of Predictable Numbers or Identifiers
XWiki PDF Viewer Macro Access Control Vulnerability
CVE-2024-52298
7.5 - High - November 13, 2024
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs to provide the reference to a PDF file to the macro. To obtain the reference of the desired attachment, the attacker can access the Page Index, Attachments tab. Even if the UI shows N/A, the user can inspect the page and check the HTTP request that fetches the live data entries. The attachment URL is available in the returned JSON for all attachments, including protected ones, and allows getting the necessary values. This vulnerability is fixed in version 2.5.6.
Inclusion of Sensitive Information in Source Code Comments