XWiki Rendering Vulnerability in XWiki Software
CVE-2025-53835
Currently unrated
What is CVE-2025-53835?
XWiki Rendering features a vulnerability that allows Cross-Site Scripting (XSS) attacks due to the improper handling of XHTML syntax. Versions 5.4.5 up to 14.9 allow users with document edit permissions, like their user profile, to insert unvalidated HTML content, including JavaScript, potentially compromising the web application’s security. This issue arises from the dependency on the 'xdom+xml/current' syntax, which has been eliminated in version 14.10. Users are strongly advised to upgrade to this version for enhanced security. The 'xdom+xml' syntax remains vulnerable and should not be utilized in standard wiki deployments.