3 matches found
CVE-2023-36471
CVE-2023-36471 affects XWiki Commons HTML sanitizer (XWiki Commons) where allowed tags include form/input elements. The underlying issue is that the HTML sanitizer allowed form-related tags since 14.6RC1, enabling an attacker without scripting rights to craft a form that could trigger remote code...
CVE-2023-36471 HTML sanitizer allows form elements in restricted in org.xwiki.commons:xwiki-commons-xml
Xwiki commons is the common modules used by other XWiki top level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishi...
CVE-2023-36471 HTML sanitizer allows form elements in restricted in org.xwiki.commons:xwiki-commons-xml
Xwiki commons is the common modules used by other XWiki top level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishi...