Description

XWiki Platform before 12.8 mishandles escaping in the property displayer.

Remediation

References

CVE-2020-13654

Related Vulnerabilities

SharePoint CVE-2022-37961 Vulnerability (CVE-2022-37961)

WordPress Plugin EmbedStories-Display social media stories Cross-Site Scripting (0.7.4)

Jetty Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2021-28163)

WordPress Plugin Manage and respond to conversations with leads-HappyForms PHP Object Injection (1.0.0)

WordPress Plugin Appointment Booking Calendar SQL Injection (1.1.23)

Severity

High

Classification

CVE-2020-13654 CWE-116 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities