Description
XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is present in the `FlamingoThemesCode.WebHomeSheet` wiki page related to the "newThemeName" form field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `FlamingoThemesCode.WebHomeSheet` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory.
Remediation
References
Related Vulnerabilities
WordPress Plugin Ninja Forms with File Uploads Extension Multiple Vulnerabilities (3.0.22)
WordPress Plugin Custom Search by BestWebSoft Cross-Site Scripting (1.35)
WordPress Plugin Google Sitemap by BestWebSoft Cross-Site Scripting (3.0.7)
WordPress Plugin Save Contact Form 7 SQL Injection (1.7)
WordPress Plugin Yandex.News Feed by Teplitsa Cross-Site Scripting (1.12.5)