CVE-2025-48885 – XWiki URL Shortener Unauthenticated Page Creation Vulnerability

May 30, 2025

CVE ID : CVE-2025-48885

Published : May 30, 2025, 7:15 p.m. | 2 hours, 25 minutes ago

Description : application-urlshortener create shortened URLs for XWiki pages. Versions prior to 1.2.4 are vulnerable to users with view access being able to create arbitrary pages. Any user (even guests) can create these docs, even if they don’t exist already. This can enable guest users to denature the structure of wiki pages, by creating 1000’s of pages with random name, that then become very difficult to handle by admins. Version 1.2.4 fixes the issue. No known workarounds are available.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48938 – GitHub go-gh Command Injection

Next Article CVE-2025-48883 – Chrome CSS Selector XSS

Highlights

CVE-2025-5388 – JeeWMS SQL Injection Vulnerability

May 31, 2025

CVE ID : CVE-2025-5388

Published : May 31, 2025, 6:15 p.m. | 2 hours, 43 minutes ago

Description : A vulnerability classified as critical was found in JeeWMS up to 20250504. Affected by this vulnerability is the function dogenerate of the file /generateController.do?dogenerate. The manipulation leads to sql injection. The attack can be launched remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

In-House vs. Outsource Node.js Development Teams: 9 Key Differences for the C-Suite (2025)

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

DistroWatch Weekly, Issue 1131

I ditched my Bluetooth speakers for this slick turntable – and it’s more practical than I thought

This split keyboard offers deep customization – if you’re willing to go all in

I spoke with an AI version of myself, thanks to Hume’s free tool – how to try it

The details of TC39’s last meeting

The details of TC39’s last meeting

Simple wrapper for Chrome’s built-in local LLM (Gemini Nano)

Online Examination System using PHP and MySQL

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

WhatsApp for Windows 11 is switching back to Chromium web wrapper from UWP/native

DistroWatch Weekly, Issue 1131

CVE-2025-48885 – XWiki URL Shortener Unauthenticated Page Creation Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

Google confirms Gemini for Chrome on Windows 11, teases big AI upgrade

What to do when users just want the old version back

CVE-2025-47530 – WPFunnels Object Injection Vulnerability

Meta AI can summarize your unread WhatsApp messages now – how to try it

CVE-2025-5388 – JeeWMS SQL Injection Vulnerability

CVE-2025-36004 – IBM Facsimile Support for i Privilege Escalation Vulnerability

Develop a Multi-Tool AI Agent with Secure Python Execution using Riza and Gemini

This Extension Adds Night Light Intensity Slider to Quick Settings

CVE-2025-48885 – XWiki URL Shortener Unauthenticated Page Creation Vulnerability

Related Posts