Stored Cross-Site Scripting

XWiki Blog Application is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper escaping of blog post titles before insertion into the HTML tag, allowing attackers with blog editing permissions to inject malicious JavaScript that executes in the browser of users...