Is CVE-2024-42489 actively exploited?

CVE-2024-42489 has no public evidence of in-the-wild exploitation as of 2024-09-16.

What is the CVSS score for CVE-2024-42489?

CVE-2024-42489 has a CVSS score of 10 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

How do I patch CVE-2024-42489?

Patch guidance is available from xwiki security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-42489.

Fix CVE-2024-42489 - CRITICAL xwiki pro macros

Description

Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the `CKEditor.HTMLConverter` page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vulnerable to the same kind of attack. This vulnerability is fixed in 1.10.1.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-74 CWE-74

Metadata

Primary Vendor: XWIKI
Published: 8/12/2024
Last Modified: 9/16/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2024-42489

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary