CVE-2025-66472 Scanner - Cross-Site Scripting vulnerability in XWiki

Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 11 days 16 hours
Scan only one: URL
XWiki is a widely used generic wiki platform providing runtime services for applications. Developers around the world use it to build and support both collaborative and standalone applications within a wiki environment. XWiki is often deployed in enterprise environments where collaboration and documentation are key. The platform lets users build applications on top of it, offering an extensible and flexible environment, and it frequently appears in knowledge management and content management systems where ease of use and collaborative capabilities are desired. Users and developers rely on its features to strengthen community engagement through editable, user-generated content.
A Cross-Site Scripting (XSS) vulnerability in XWiki can lead to significant security risks for users. XSS allows attackers to inject scripts into web pages viewed by other users, exposing an application to malicious actions such as session hijacking and data theft. In the context of XWiki, such a vulnerability arises from coding practices that do not sanitize or encode user input adequately. Because XWiki is widely adopted, an XSS vulnerability in it could affect numerous installations. Addressing these vulnerabilities is critical to maintaining the integrity and security of content.
The specific XSS vulnerability tracked as CVE-2025-66472 affects the deletion confirmation message in XWiki and is triggered when a user clicks the "No" button. It allows a reflected XSS attack in which an attacker-supplied script is executed. The attack relies on the "appName" and "xredirect" URL parameters: their values are not adequately neutralized before being placed in the page, so script content embedded in them is rendered rather than displayed as text. An attacker can craft a URL that, when a victim loads it, executes the injected script, which can lead to broader compromise.
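To make the defect class concrete, the following added example (illustrative code, not XWiki's own implementation) renders a constructed deletion confirmation message from the two parameters the advisory names, first without any output handling and then with HTML encoding of "appName" and a same-origin restriction on "xredirect"; the sample parameter values are constructed for the demonstration.

```python
import html
from urllib.parse import urlsplit

# Constructed sample request parameters, modelled on the two parameter names
# the advisory mentions. Not taken from XWiki or from any real request.
SAMPLE_PARAMS = {
    "appName": "Inventory <img src=x onerror=alert(1)>",
    "xredirect": "https://attacker.example/landing",
}


def render_unsafe(params):
    """'Before' behaviour: parameter values dropped into the markup verbatim,
    so markup inside appName and an arbitrary xredirect target both survive."""
    return (f'<p>Delete application {params["appName"]}?</p>'
            f'<a href="{params["xredirect"]}">No</a>')


def safe_redirect(target, default="/"):
    """Accept only a relative, same-origin path for the redirect target.
    Anything with a scheme, an authority (// or \\ tricks) or an empty
    value falls back to the default page."""
    if not target or not target.startswith("/") or "\\" in target:
        return default
    if target.startswith("//"):
        return default
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return default
    return target


def render_safe(params):
    """'After' behaviour: HTML-encode the text, restrict the redirect target."""
    app = html.escape(params.get("appName", ""), quote=True)
    href = html.escape(safe_redirect(params.get("xredirect")), quote=True)
    return f'<p>Delete application {app}?</p><a href="{href}">No</a>'


def looks_like_markup_injection(value):
    """Coarse log-review heuristic: a name field should never carry markup
    or a javascript: URL. Useful for spotting probing in access logs."""
    lowered = value.lower()
    return "<" in lowered or "javascript:" in lowered or "onerror=" in lowered
```
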
Exploitation of a Cross-Site Scripting (XSS) vulnerability in XWiki can have severe ramifications. Users are at risk of session hijacking, which could allow attackers to impersonate them within applications. Attackers might also steal sensitive data such as login credentials or private user information stored within the wiki. Further exploitation could lead to the distribution of malware or the redirection of users to malicious websites. Organizations running vulnerable versions of XWiki could face these consequences, affecting their confidentiality, integrity, and availability.