CVE-2025-66472
Published: Dec 10, 2025
Modified: Dec 11, 2025
Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-milestone-1 through 16.10.9 and 17.0.0-rc-1 through 17.4.1 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates are vulnerable to a reflected XSS attack through a deletion confirmation message. The attacker-supplied script is executed when the victim clicks the "No" button. This issue is fixed in versions 16.10.10 and 17.4.2 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates.
| Vendor | Product | Versions |
|---|---|---|
xwiki | xwiki-platform | affected org.xwiki.platform:xwiki-platform-flamingo-skin-resources >= 6.2-milestone-1, < 16.10.10affected org.xwiki.platform:xwiki-platform-flamingo-skin-resources >= 17.0.0-rc-1, < 17.4.2affected org.xwiki.platform:xwiki-platform-web-templates >= 6.2-milestone-1, < 16.10.10affected org.xwiki.platform:xwiki-platform-web-templates >= 17.0.0-rc-1, < 17.4.2 |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now