XWiki Platform vulnerable to RXSS via editor parameter - importinline template

Impact It's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. To reproduce: add an attachment to a page for example, your user profile add...

XWiki Platform 注入漏洞

XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. An injection vulnerability exists in XWiki Platform that stems from incorrectly escaping information loaded from attachments in imported.vm, importinline.vm, and packagelist.vm...