CVE-2023-48240
XWiki Platform contains a vulnerability where the rendered diff feature downloads images from any domain and forwards the user’s cookies, enabling cookie theft and server-side request forgery (SSRF). Affected versions are before 14.10.15, 15.5.1 and 15.6. The issue stems from the diff rendering p...