CVE-2025-66024

CRITICAL

XWiki Blog Application < 9.15.7 - Stored Cross-Site Scripting via Blog Post Title

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-66024. PoCs published by lukasz-rybak.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2025-66024, a stored XSS vulnerability in the XWiki Blog Application. The vulnerability arises from improper escaping of the blog post title in the HTML <title> tag, allowing attackers to inject malicious JavaScript.

Description

The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting (XSS) via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML <title> tag without proper escaping. An attacker with permissions to create or edit blog posts can inject malicious JavaScript into the title field. This script will execute in the browser of any user (including administrators) who views the blog post. This leads to potential session hijacking or privilege escalation. The vulnerability has been patched in the blog application version 9.15.7 by adding missing escaping. No known workarounds are available.

Exploits (1)

nomisec WRITEUP

by lukasz-rybak · poc

https://github.com/lukasz-rybak/CVE-2025-66024

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2025-66024, a stored XSS vulnerability in the XWiki Blog Application. The vulnerability arises from improper escaping of the blog post title in the HTML <title> tag, allowing attackers to inject malicious JavaScript.

Classification

Writeup 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: org.xwiki.contrib.blog:application-blog-ui (versions < 9.15.7)

Auth required

Prerequisites: User permissions to create or edit blog posts

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed Apr 12, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

https://github.com/xwiki-contrib/application-blog/security/advisories/GHSA-h2xq-h7f9-vh6c

Patch x_refsource_misc

https://github.com/xwiki-contrib/application-blog/commit/cca87f0a0edc2e7e049d46d51f4a4d8f78b714ba

View Patch ZIP pw:eip

Various Sources x_refsource_misc

https://jira.xwiki.org/browse/BLOG-245

Scores

CVSS v3 9.0

EPSS 0.0064

EPSS Percentile 71.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

org.xwiki.contrib.blog/application-blog-ui 0 - 9.15.7Maven

xwiki/blog_application < 9.15.7

Published Mar 04, 2026

Tracked Since Mar 05, 2026