CVE-2025-27603
com.xwiki.confluencepro:application-confluence-migrator-pro-ui Remote Code Execution via unescaped translations
描述
### Impact A user that doesn't have programming rights can execute arbitrary code when creating a page using the Migration Page template. A possible attack vector is the following: * Create a page and add the following content: ``` confluencepro.job.question.advanced.input={{/html}} {{async async="true" cached="false" context="doc.reference"}}{{groovy}}println("hello from groovy!"){{/groovy}}{{/async}} ``` * Use the object editor to add an object of type `XWiki.TranslationDocumentClass` with scope `USER`. * Access an unexisting page using the `MigrationTemplate` ``` http://localhost:8080/xwiki/bin/edit/Page123?template=ConfluenceMigratorPro.Code.MigrationTemplate ``` It is expected that `{{/html}} {{async async="true" cached="false" context="doc.reference"}}{{groovy}}println("hello from groovy!"){{/groovy}}{{/async}}` will be present on the page, however, `hello from groovy` will be printed. ### Patches The issue will be fixed as part of v1.2. The fix was added with commit [35cef22](https://github.com/xwikisas/application-confluence-migrator-pro/commit/36cef2271bd429773698ca3a21e47b6d51d6377d) ### Workarounds There are no known workarounds besides upgrading. ### References No references.
如何修補 CVE-2025-27603
要修補 CVE-2025-27603,請將受影響套件升級到下列已修補版本。
- —升級至 1.2.0 或更新版本
CVE-2025-27603 正在被利用嗎?
低 — EPSS 為 0.2%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- >= 1.0, < 1.2.0