All 6 CVE vulnerabilities found in xwiki-rendering, with AI-generated Chinese analysis, references, and POCs.
Vendor: xwiki
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-66474 | XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection CWE-95 | 8.8AI | HighAI | 2025-12-10 |
| CVE-2025-53836 | XWiki Rendering is vulnerable to RCE attacks when processing nested macros CWE-863 | 10.0 | Critical | 2025-07-14 |
| CVE-2025-53835 | XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax CWE-79 | 9.1 | Critical | 2025-07-14 |
| CVE-2023-37912 | XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro CWE-270 | 10.0 | Critical | 2023-10-25 |
| CVE-2023-37908 | org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability CWE-83 | 9.1 | Critical | 2023-10-25 |
| CVE-2023-32070 | Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers CWE-83 | 9.1 | Critical | 2023-05-10 |
All 6 known CVE vulnerabilities affecting xwiki-rendering with full Chinese analysis, references, and POCs where available.