Farcasut

Researcher from xwikisas
#13309 of 53,624
20 Total CVSS
Vulnerabilities · 2
Critical
2
PT-2025-36918
10
2025-09-09
Xwiki · Xwiki Remote Macros · CVE-2025-55728
Name of the Vulnerable Software and Affected Versions: XWiki Remote Macros versions 1.0 through 1.26.5
Description: XWiki Remote Macros provides XWiki rendering macros used for content migration from Confluence. A lack of escaping for the `classes` parameter within the panel macro allows for remote code execution. This affects any user with page editing permissions, as the `classes` parameter is used without proper escaping in XWiki syntax, enabling XWiki syntax injection.
Recommendations: Update to version 1.26.5 or later.
PT-2025-36930
10
2025-09-09
Xwiki · Xwiki Remote Macros · CVE-2025-55730
Name of the Vulnerable Software and Affected Versions: XWiki Remote Macros versions 1.0 through 1.26.5
Description: XWiki Remote Macros provides XWiki rendering macros used for migrating content from Confluence. A missing escaping mechanism in the confluence paste code macro allows for remote code execution for users with page editing permissions. The `classes` parameter is used without proper escaping, leading to XWiki syntax injection, which can enable remote code execution.
Recommendations: Update to version 1.26.5 or later.