Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allow anyone with edit rights to actually create those. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There's no easy workaround for this issue, administrators should upgrade their wiki.
Remediation
References
Related Vulnerabilities
WordPress Plugin Advertisement Management Multiple Vulnerabilities (1.0)
WordPress Plugin Simple Feature Requests Free Unspecified Vulnerability (1.0.4)
WordPress Plugin Sidebar Adder 2 Cross-Site Scripting (2.0.0)
WordPress Plugin 301 Redirects-Easy Redirect Manager Cross-Site Request Forgery (2.72)