Cross-Site Scripting Vulnerability in XWiki Contrib's Markdown Syntax
CVE-2025-46558
What is CVE-2025-46558?
XWiki Contrib's Markdown Syntax allows users to create and import Markdown content into wiki pages. However, in versions 8.2 through 8.8, it is susceptible to cross-site scripting (XSS) vulnerabilities. Attackers can embed JavaScript code within Markdown syntax, which could be executed in the browsers of users accessing affected documents or comments. This poses significant risks, particularly if the executing user has administrative or programming privileges, leading to potential breaches of confidentiality, integrity, and availability for the entire XWiki installation. The vulnerability has been addressed in version 8.9.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.