Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). For instance, the following URL execute an `alter` on the browser: `
Remediation
References
https://jira.xwiki.org/browse/XWIKI-20370
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fwwj-wg89-7h4c
Related Vulnerabilities
CVE-2020-13128 Vulnerability in maven package com.googlecode.gwtupload:gwtupload-project
CVE-2021-46364 Vulnerability in maven package info.magnolia:magnolia-core
CVE-2020-28443 Vulnerability in npm package sonar-wrapper
CVE-2023-24997 Vulnerability in maven package org.apache.inlong:manager-pojo
CVE-2023-45134 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates