Xwiki Pdf Viewer Macro

By the Year

In 2025 there have been 0 vulnerabilities in Xwiki Pdf Viewer Macro. Last year, in 2024, Pdf Viewer Macro had 3 security vulnerabilities published. Right now, Pdf Viewer Macro is on track to have fewer security vulnerabilities in 2025 than it did last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 3 8.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Pdf Viewer Macro vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Xwiki Pdf Viewer Macro Security Vulnerabilities

XWiki PDF Viewer Macro XSS Vulnerability in width Parameter

CVE-2024-52300 9 - Critical - November 13, 2024

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visits the page with the malicious code. This is fixed in 2.5.6.

XSS

XWiki PDF Viewer Macro Access Control Vulnerability

CVE-2024-52299 7.5 - High - November 13, 2024

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki, because the "key" that is passed to prevent this is computed incorrectly: calling skip on the digest stream doesn't update the digest. This is fixed in 2.5.6.

Generation of Predictable Numbers or Identifiers

XWiki PDF Viewer Macro Access Control Vulnerability

CVE-2024-52298 7.5 - High - November 13, 2024

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs to provide the reference to a PDF file to the macro. To obtain the reference of the desired attachment, the attacker can access the Page Index, Attachments tab. Even if the UI shows N/A, the user can inspect the page and check the HTTP request that fetches the live data entries. The attachment URL is available in the returned JSON for all attachments, including protected ones, and allows getting the necessary values. This vulnerability is fixed in version 2.5.6.

Inclusion of Sensitive Information in Source Code Comments
