Close Menu
    DevStackTipsDevStackTips
    • Home
    • News & Updates
      1. Tech & Work
      2. View All

      The Ultimate Guide to Node.js Development Pricing for Enterprises

      July 29, 2025

      Stack Overflow: Developers’ trust in AI outputs is worsening year over year

      July 29, 2025

      Web Components: Working With Shadow DOM

      July 28, 2025

      Google’s new Opal tool allows users to create mini AI apps with no coding required

      July 28, 2025

      5 preinstalled apps you should delete from your Samsung phone immediately

      July 30, 2025

      Ubuntu Linux lagging? Try my 10 go-to tricks to speed it up

      July 30, 2025

      How I survived a week with this $130 smartwatch instead of my Garmin and Galaxy Ultra

      July 30, 2025

      YouTube is using AI to verify your age now – and if it’s wrong, that’s on you to fix

      July 30, 2025
    • Development
      1. Algorithms & Data Structures
      2. Artificial Intelligence
      3. Back-End Development
      4. Databases
      5. Front-End Development
      6. Libraries & Frameworks
      7. Machine Learning
      8. Security
      9. Software Engineering
      10. Tools & IDEs
      11. Web Design
      12. Web Development
      13. Web Security
      14. Programming Languages
        • PHP
        • JavaScript
      Featured

      Time-Controlled Data Processing with Laravel LazyCollection Methods

      July 30, 2025
      Recent

      Time-Controlled Data Processing with Laravel LazyCollection Methods

      July 30, 2025

      Create Apple Wallet Passes in Laravel

      July 30, 2025

      The Laravel Idea Plugin is Now FREE for PhpStorm Users

      July 30, 2025
    • Operating Systems
      1. Windows
      2. Linux
      3. macOS
      Featured

      New data shows Xbox is utterly dominating PlayStation’s storefront — accounting for 60% of the Q2 top 10 game sales spots

      July 30, 2025
      Recent

      New data shows Xbox is utterly dominating PlayStation’s storefront — accounting for 60% of the Q2 top 10 game sales spots

      July 30, 2025

      Opera throws Microsoft to Brazil’s watchdogs for promoting Edge as your default browser — “Microsoft thwarts‬‭ browser‬‭ competition‬‭‬‭ at‬‭ every‬‭ turn”

      July 30, 2025

      Activision once again draws the ire of players for new Diablo Immortal marketing that appears to have been made with generative AI

      July 30, 2025
    • Learning Resources
      • Books
      • Cheatsheets
      • Tutorials & Guides
    Home»Security»Common Vulnerabilities and Exposures (CVEs)»CVE-2025-49587 – XWiki XSS Through Unvalidated HTML in Notification Displayer

    CVE-2025-49587 – XWiki XSS Through Unvalidated HTML in Notification Displayer

    June 13, 2025

    CVE ID : CVE-2025-49587

    Published : June 13, 2025, 6:15 p.m. | 2 hours, 43 minutes ago

    Description : XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing XSS attacks. While the notification displayer executes Velocity, the existing generic analyzer already warns admins before editing Velocity code. Note that warnings before editing documents with dangerous properties have only been introduced in XWiki 15.9, before that version, this was a known issue and the advice was simply to be careful. This vulnerability has been patched in XWiki 15.10.16, 16.4.7, and 16.10.2 by adding a required rights analyzer that warns the admin before editing about the possibly malicious code.

    Severity: 0.0 | NA

    Visit the link for more details, such as CVSS details, affected products, timeline, and more…

    Source: Read More

    Facebook Twitter Reddit Email Copy Link
    Previous ArticleCVE-2025-49597 – Apache Goodbye CSV Remote Code Execution
    Next Article CVE-2025-49586 – XWiki Remote Code Execution Vulnerability

    Related Posts

    Common Vulnerabilities and Exposures (CVEs)

    CVE-2025-43234 – Apple WatchOS/IOS/iPadOS/tvOS/macOS VisionOS Texture Corruption Vulnerability

    July 30, 2025
    Common Vulnerabilities and Exposures (CVEs)

    CVE-2025-43237 – Apple macOS Sequoia Write Access Vulnerability

    July 30, 2025
    Leave A Reply Cancel Reply

    For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

    Continue Reading

    CVE-2025-1048 – Sonos Era 300 Speaker SMB Use-After-Free Remote Code Execution Vulnerability

    Common Vulnerabilities and Exposures (CVEs)

    CVE-2025-7513 – “Modern Bag SQL Injection Vulnerability”

    Common Vulnerabilities and Exposures (CVEs)

    CVE-2025-5827 – Autel MaxiCharger AC Wallbox Commercial BLE Stack-based Buffer Overflow Remote Code Execution Vulnerability

    Common Vulnerabilities and Exposures (CVEs)

    North Korean Hackers Targeted Nearly 18,000 in Phishing Campaign During Martial Law Turmoil

    Development

    Highlights

    Bluetooth Vulnerabilities Let Hackers Spy on Your Headphones and Earbuds

    June 30, 2025

    Bluetooth Vulnerabilities Let Hackers Spy on Your Headphones and Earbuds

    A major security flaw affecting millions of Bluetooth headphones and earbuds has been discovered, allowing attackers to remotely hijack devices and spy on users without requiring any authentication or …
    Read more

    Published Date:
    Jun 30, 2025 (1 hour, 4 minutes ago)

    Vulnerabilities has been mentioned in this article.

    Microsoft trials redesigned Windows 11 Widgets Board with new Copilot Discover feed — AI curated stories right on your desktop

    July 25, 2025

    CVE-2025-6617 – D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

    June 25, 2025

    Fortinet FortiWeb Instances Hacked With Webshells Following Public PoC Exploits

    July 16, 2025
    © DevStackTips 2025. All rights reserved.
    • Contact
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.