XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-26480 - Vulnerability Database

XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-26480

Medium
Reference: CVE-2023-26480
Title: XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

XWiki Platform is a generic wiki platform. Starting in version 12.10 a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9 14.4.7 and 13.10.10. There are no known workarounds.