Description
XWiki 12.10.2 allows XSS via an SVG document submitted to the upload feature of the comment section.
Remediation
References
https://www.exploit-db.com/exploits/49437
Related Vulnerabilities
CVE-2021-21685 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2020-15930 Vulnerability in npm package joplin
CVE-2023-40573 Vulnerability in maven package org.xwiki.platform:xwiki-platform-scheduler-api
CVE-2023-49376 Vulnerability in maven package com.jfinal:jfinal
CVE-2022-23437 Vulnerability in maven package xerces:xercesimpl