- Description
- XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. In versions starting from 8.2 to before 8.9, the Markdown syntax is vulnerable to cross-site scripting (XSS) through HTML. In particular, using Markdown syntax, it's possible for any user to embed Javascript code that will then be executed on the browser of any other user visiting either the document or the comment that contains it. In the instance that this code is executed by a user with admins or programming rights, this issue compromises the confidentiality, integrity and availability of the whole XWiki installation. This issue has been patched in version 8.9.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9
- Impact score
- 6
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-79
- Hype score
- Not currently trending
🚨 CVE-2025-46558 ⚠️🔴 CRITICAL (9.1) 🏢 xwiki-contrib - syntax-markdown 🏗️ >= 8.2, < 8.9 🔗 https://t.co/nAKKL7dbx3 🔗 https://t.co/Jo3y553TcI 🔗 https://t.co/k2wg3ygqTf #CyberCron #VulnAlert #InfoSec https://t.co/IKc4Mjff9O
@cybercronai
2 May 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-46558 Cross-Site Scripting Vulnerability in XWiki Contrib Markdown Syntax 8.2-8.8 https://t.co/a1tZf498Od
@VulmonFeeds
1 May 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-46558 XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. In versions starting from 8.2 to before 8.9, … https://t.co/xa1ilyBIjc
@CVEnew
30 Apr 2025
265 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes