Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineer to trick a user to follow the URL. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0.
Remediation
References
Related Vulnerabilities
MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2016-6664)
WordPress Plugin Themify Portfolio Post Cross-Site Scripting (1.2.0)
Serendipity Other Vulnerability (CVE-2005-1452)
WordPress Plugin WP Visitor Statistics (Real Time Traffic) Cross-Site Scripting (6.4)