CVE-2023-36470
CVE-2023-36470 affects XWiki Platform. When a document is created or edited using an icon set, an attacker can inject XWiki syntax and Velocity code that runs with programming rights, enabling remote code execution. Attack vectors include the icon set HTML/XWiki syntax definitions and the icon pi...