Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineer to trick a user to follow the URL. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0.
Remediation
References
Related Vulnerabilities
Ruby CVE-2021-41819 Vulnerability (CVE-2021-41819)
WordPress Plugin MailPoet Newsletters (Previous) Security Bypass (2.8.1)
WordPress Plugin Top 10-Popular posts for WordPress Cross-Site Request Forgery (1.9.2)
Joomla Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2022-23794)
WordPress Plugin Coming Soon Page & Maintenance Mode Cross-Site Scripting (1.8.1)