Description
XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the `WikiManager.JoinWiki ` wiki page related to the "requestJoin" field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `WikiManager.JoinWiki` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory.
Remediation
References
Related Vulnerabilities
WordPress Plugin Featured Post with thumbnail Unspecified Vulnerability (1.4)
WordPress Plugin Zoho SalesIQ Multiple Vulnerabilities (1.0.8)
WordPress Plugin Subscribe Sidebar by Blubrry Cross-Site Scripting (1.3.1)
MongoDb Insertion of Sensitive Information into Log File Vulnerability (CVE-2026-8200)