Vulnerability Database

308,484

Total vulnerabilities in the database

CVE-2024-42489

Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the CKEditor.HTMLConverter page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vulnerable to the same kind of attack. This vulnerability is fixed in 1.10.1.

Published: Aug 12, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-42489
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 10
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWEs:

CWE-74

Affected Software
References

Software	From	Fixed in
xwiki / pro_macros	1.0	1.10.1

https://github.com/xwikisas/xwiki-pro-macros/blob/main/xwiki-pro-macros-ui/src/main/resources/Confluence/Macros/Viewpdf.xml#L265-L267
https://github.com/xwikisas/xwiki-pro-macros/commit/199553c84901999481a20614f093af2d57970eba
https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-cfq3-q227-7j65

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo