PT-2025-18319 · XWiki · XWiki Contrib's Syntax Markdown
Michael Hamann · Published 2025-04-30 · Updated 2025-08-26 · CVE-2025-46558
CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
XWiki Contrib's Syntax Markdown versions 8.2 through 8.8
Description
The issue allows any user to embed JavaScript code using Markdown syntax, which can then be executed in the browser of other users visiting the document or comment containing it. This compromises the confidentiality, integrity, and availability of the entire XWiki installation, especially if the code is executed by a user with administrative or programming rights.
Recommendations
For versions 8.2 through 8.8, update to version 8.9 to resolve the issue.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
XWiki Contrib's Syntax Markdown