Description
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.
Remediation
References
https://www.exploit-db.com/exploits/49437
Related Vulnerabilities
CVE-2007-6433 Vulnerability in maven package org.jboss.seam:jboss-seam
CVE-2019-10744 Vulnerability in npm package @sailshq/lodash
CVE-2021-29441 Vulnerability in maven package com.alibaba.nacos:nacos-common
CVE-2023-36665 Vulnerability in maven package org.webjars.npm:protobufjs
CVE-2020-7707 Vulnerability in maven package org.webjars.npm:property-expr