CVE-2023-35156
XWiki Platform contains a cross-site scripting (XSS) vulnerability in the delete.vm path, exploitable via a crafted URL parameter (xredirect) in the delete template. The issue affects XWiki since 6.0-rc-1 and is demonstrated by payloads like xwiki/bin/get/FlamingoThemes/Cerulean?xpage=xpart&vm=de...