CVE-2025-27603

Severity: Critical | Year: 2025
CVSS v3 Score: 9.1 (Critical)

Vulnerability Description

XWiki Confluence Migrator Pro helps admins import Confluence packages into their XWiki instance. A user without programming rights can execute arbitrary code because of an unescaped translation when creating a page using the Migration Page template. This vulnerability is fixed in 1.2.0.

CVSS: 9.1 (Critical)

The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. This is...

CWE-95 | Year: 2024

CVSS: 8.8 (High)

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would t...

CWE-95 | Year: 2020

CVSS: 8.8 (High)

UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluati...

CWE-95 | Year: 2020

CVSS: 8.8 (High)

XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangero...

CWE-95 | Year: 2022

CVSS: 8.8 (High)

xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the...

CWE-95 | Year: 2022

CVSS: 8.8 (High)

The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 a...

CWE-95 | Year: 2023