CVE-2025-31487

HIGH Year: 2025
CVSS v3 Score
7.7
High
Weakness Type
CWE-611
View all →

Vulnerability Description

The XWiki JIRA extension provides various integration points between XWiki and JIRA (macros, UI, CKEditor plugin). If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a DOCTYPE pointing to a local file on the XWiki server host and displaying that file's content in one of the returned JIRA fields (such as the summary or description for example). The vulnerability has been patched in the JIRA Extension v8.6.5.

Related Vulnerabilities

CVE-2016-7459

HIGH
CVSS:7.7(High)

VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML docume...

CWE-6112016

CVE-2018-17169

HIGH
CVSS:7.7(High)

An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a cr...

CWE-6112018

CVE-2020-13692

HIGH
CVSS:7.7(High)

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

CWE-6112020

CVE-2021-27604

HIGH
CVSS:7.7(High)

In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7...

CWE-6112021

CVE-2021-42776

HIGH
CVSS:7.7(High)

CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import.

CWE-6112021

CVE-2023-27480

HIGH
CVSS:7.7(High)

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a for...

CWE-6112023