XWiki Platform vulnerable to privilege escalation from view right using Invitation.InvitationCommon
Impact Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of Invitation.InvitationCommon. This page is installed by default. See https://jira.xwiki.org/browse/XWIKI-20283 fo...