WEB APPLICATION VULNERABILITIES Standard & Premium

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3137)

Description

XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.

Remediation

References

Related Vulnerabilities

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21627)

TYPO3 Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-26229)

Jboss EAP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-6495)

Cherokee Improper Input Validation Vulnerability (CVE-2009-4489)

Magento CVE-2019-8123 Vulnerability (CVE-2019-8123)

Severity

Medium

Classification

CVE-2021-3137 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities