Cross Site Scripting (XSS) in XWiki
Moderate severity
GitHub Reviewed
Published
Jan 29, 2021
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Package
Affected versions
< 12.10.3
Patched versions
12.10.3
Description
Published by the National Vulnerability Database
Jan 20, 2021
Reviewed
Jan 22, 2021
Published to the GitHub Advisory Database
Jan 29, 2021
Last updated
Feb 1, 2023
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.
References