cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-52298,https://securityvulnerability.io/vulnerability/CVE-2024-52298,Access Control Vulnerability in PDF Viewer Macro for XWiki by XWiki SAS,"The macro-pdfviewer for XWiki, which utilizes the Mozilla pdf.js library, contains a vulnerability that allows unauthorized access to protected PDF attachments through its 'Delegate my view right' feature. Attackers can exploit this flaw by providing a reference to a PDF file within the macro. If the attacker can access a page authored by a user who has permission to view the attachment, they can retrieve the URL of the protected file. Even pages that indicate 'N/A' may reveal sensitive information upon inspection of network requests, thereby exposing attachment URLs stored in JSON responses. This vulnerability compromises expected access controls and has been addressed in version 2.5.6 of the product.",Xwiki,PDF Viewer Macro,7.5,HIGH,0.0008399999933317304,false,,false,false,false,,,false,false,,2024-11-13T16:15:00.000Z,0
CVE-2024-52299,https://securityvulnerability.io/vulnerability/CVE-2024-52299,Vulnerability in PDF Viewer Macro for XWiki Affects User Data Access,"The macro-pdfviewer is a PDF Viewer Macro for XWiki, utilizing the Mozilla pdf.js library. A vulnerability exists that allows users with view permissions on XWiki.PDFViewerService to access any attachment stored in the wiki. This security flaw arises from an incorrect computation of the key used to restrict access, specifically through improper handling of the digest stream. As a result, unauthorized users may gain access to sensitive documents. This issue has been resolved in version 2.5.6, emphasizing the importance of updating to ensure data protection.",Xwiki,PDF Viewer Macro,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-11-13T16:15:00.000Z,0
CVE-2024-52300,https://securityvulnerability.io/vulnerability/CVE-2024-52300,Cross-Site Scripting Vulnerability in XWiki's PDF Viewer Macro,"The macro-pdfviewer, which serves as a PDF viewer macro for XWiki leveraging Mozilla pdf.js, contains a vulnerability stemming from improper escaping of the width parameter. This flaw enables cross-site scripting (XSS) attacks; any user with the ability to edit a page can inject malicious code. When an administrator views a page containing such malicious code, the integrity, confidentiality, and availability of the entire XWiki installation can be compromised. The issue is addressed in version 2.5.6 of the product.",Xwiki,PDF Viewer Macro,9,CRITICAL,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-13T16:15:00.000Z,0