XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-35153

XWiki Platform is a generic wiki platform. Starting in version 5.4.4 and prior to versions 14.4.8 14.10.4 and 15.0 a stored cross-site scripting vulnerability can be exploited by users with edit rights by adding a AppWithinMinutes.FormFieldCategoryClass class on a page and setting the payload on the page title. Then any user visiting /xwiki/bin/view/AppWithinMinutes/ClassEditSheet executes the payload. The issue has been patched in XWiki 14.4.8 14.10.4 and 15.0. As a workaround update AppWithinMinutes.ClassEditSheet with a patch.