Description
XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known workarounds for this issue.
Remediation
References
Related Vulnerabilities
WordPress Plugin Watu Quiz Cross-Site Scripting (3.1.2.5)
Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2019-10081)
WordPress Plugin Zedna Contact form Arbitrary File Upload (1.0)
WordPress Plugin Easy Banners Cross-Site Scripting (1.4)
PHP Resource Management Errors Vulnerability (CVE-2011-1148)