Description
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.
Remediation
References
https://www.exploit-db.com/exploits/49437
Related Vulnerabilities
CVE-2020-6429 Vulnerability in npm package electron
CVE-2020-26259 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2018-13797 Vulnerability in npm package macaddress
CVE-2020-7673 Vulnerability in npm package node-extend
CVE-2022-37223 Vulnerability in maven package com.jflyfox:jflyfox_jfinal