Description
XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it's possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. This has been patched in XWiki 15.0-rc-1 and 14.10.4. There are no known workarounds.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Alipay/Tenpay/PayPal Cross-Site Scripting (3.6.0)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2100)
WordPress Plugin Arigato Autoresponder and Newsletter Multiple Vulnerabilities (2.5.1.6)
WordPress Plugin OptionTree PHP Object Injection (2.6.0)
WordPress Plugin Flash Photo Gallery Cross-Site Scripting (0.7)