Skip to main content

Blog Application

1 CVEs product

Monthly

CVE-2025-66024 Maven HIGH PATCH GHSA This Week

The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting (XSS) via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML <title> tag without proper escaping. An attacker with permissions to create or edit blog posts can inject malicious J...

XSS Privilege Escalation Blog Application
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
EPSS 0% CVSS 8.6
HIGH PATCH This Week

The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting (XSS) via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML <title> tag without proper escaping. An attacker with permissions to create or edit blog posts can inject malicious J...

XSS Privilege Escalation Blog Application
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy