Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). For instance, the following URL execute an `alter` on the browser: `
Remediation
References
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fwwj-wg89-7h4c
https://jira.xwiki.org/browse/XWIKI-20370
Related Vulnerabilities
CVE-2016-5007 Vulnerability in maven package org.springframework.security:spring-security-config
CVE-2018-11786 Vulnerability in maven package org.apache.karaf.shell:org.apache.karaf.shell.core
CVE-2018-17192 Vulnerability in maven package org.apache.nifi:nifi-jetty-bundle
CVE-2017-12174 Vulnerability in maven package org.apache.activemq:artemis-core-client
CVE-2022-41704 Vulnerability in maven package org.apache.xmlgraphics:batik-bridge