PT-2025-50546 · Xwiki · Xwiki Platform Flamingo Skin Resources, Xwiki Platform Web Templates
Published: 2025-05-25 · Updated: 2026-02-18
CVE-2025-66472
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
XWiki Platform Flamingo Skin Resources versions 6.2-milestone-1 through 16.10.9 and 17.0.0-rc-1 through 17.4.1
XWiki Platform Web Templates versions 6.2-milestone-1 through 16.10.9 and 17.0.0-rc-1 through 17.4.1
Description
The XWiki Platform is a wiki platform that provides runtime services for applications. Affected versions are susceptible to a reflected cross-site scripting (XSS) attack. The attack occurs through a deletion confirmation message, where an attacker-supplied script is executed when a victim clicks the "No" button.
Recommendations
Update XWiki Platform Flamingo Skin Resources to version 16.10.10 or later.
Update XWiki Platform Web Templates to version 16.10.10 or later.
Update XWiki Platform Flamingo Skin Resources to version 17.4.2 or later.
Update XWiki Platform Web Templates to version 17.4.2 or later.
Exploit
Fix
XSS
Affected Products
Xwiki Platform Flamingo Skin Resources
Xwiki-Platform-Web-Templates