CVE-2023-35153
CVE-2023-35153 concerns XWiki Platform. A stored XSS exists in versions 5.4.4 and earlier, affecting 14.4.8, 14.10.4, and 15.0 prior to patch. An attacker with edit rights can add a page element class named AppWithinMinutes.FormFieldCategoryClass, place the payload on the page title, and trigger ...