{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T21:44:11.727","vulnerabilities":[{"cve":{"id":"CVE-2024-52300","sourceIdentifier":"security-advisories@github.com","published":"2024-11-13T16:15:20.240","lastModified":"2024-11-18T17:29:46.807","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visits the page with the malicious code. This is fixed in 2.5.6."},{"lang":"es","value":"macro-pdfviewer es una macro de visor de PDF para XWiki que utiliza Mozilla pdf.js. El parámetro width de la macro del visor de PDF no se escapa correctamente, lo que permite XSS para cualquier usuario que pueda editar una página. XSS puede afectar la confidencialidad, integridad y disponibilidad de toda la instalación de XWiki cuando un administrador visita la página con el código malicioso. Esto se solucionó en 2.5.6."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:pdf_viewer_macro:*:*:*:*:pro:*:*:*","versionEndExcluding":"2.5.6","matchCriteriaId":"75E88265-41BB-488A-9003-7F7D65FF38F0"}]}]}],"references":[{"url":"https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-84wx-6vfp-5m6g","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}}]}