Description
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.
Remediation
References
https://www.exploit-db.com/exploits/49437
Related Vulnerabilities
CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-jdk15to18
CVE-2022-26112 Vulnerability in maven package org.apache.pinot:pinot-broker
CVE-2022-43424 Vulnerability in maven package com.compuware.jenkins:compuware-xpediter-code-coverage
CVE-2019-18818 Vulnerability in npm package strapi
CVE-2020-15813 Vulnerability in maven package org.graylog2:graylog2-server