CVE-2021-29459
XWiki Platform has a cross-site scripting vulnerability affecting versions prior to 12.6.3 and 12.8, allowing persistent script injection via text fields (unregistered users) or via app-managed lists (registered users with edit rights). The issue stems from how data can be filled and persisted, w...