Cross-Site Scripting Vulnerability in XWiki Contrib's Markdown Syntax
CVE-2025-46558
Currently unrated
What is CVE-2025-46558?
XWiki Contrib's Markdown Syntax allows users to create and import Markdown content into wiki pages. However, in versions 8.2 through 8.8, it is susceptible to cross-site scripting (XSS) vulnerabilities. Attackers can embed JavaScript code within Markdown syntax, which could be executed in the browsers of users accessing affected documents or comments. This poses significant risks, particularly if the executing user has administrative or programming privileges, leading to potential breaches of confidentiality, integrity, and availability for the entire XWiki installation. The vulnerability has been addressed in version 8.9.