CVE-2025-65091

Published
View on NVD ↗
CVSS v3
10
CRITICAL
CVSS v2
N/A
Affected
1
PROJECT

Description

XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right to view the Calendar.JSONService page (including guest users) can exploit a SQL injection vulnerability by accessing database info or starting a DoS attack. This issue has been patched in version 2.4.5.

xwiki-contrib/macro-fullcalendar
xwiki-contrib/macro-fullcalendar
Full Calendar Macro, using jQuery FullCalendar plugin, allowing to display objects from the wiki on the calendar.
GitHubGitHub
1