Description
XWiki 12.10.2 allows XSS via an SVG document submitted to the upload feature of the comment section.
Remediation
References
https://www.exploit-db.com/exploits/49437
Related Vulnerabilities
CVE-2020-17518 Vulnerability in maven package org.apache.flink:flink-runtime_2.12
CVE-2020-28452 Vulnerability in maven package com.softwaremill.akka-http-session:core_2.12
CVE-2020-11022 Vulnerability in maven package org.webjars.npm:jquery
CVE-2022-45395 Vulnerability in maven package com.thalesgroup.jenkins-ci.plugins:cccc
CVE-2023-34624 Vulnerability in maven package net.sourceforge.htmlcleaner:htmlcleaner