2 matches found
org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting
Impact: A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. For instance, by adding the LiveData below in the about section of the profile of a user created by an admin. javascript liveData id="movie...
PT-2023-20672 · XWiki · XWiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 12.10 through 14.4.6; XWiki Platform versions 13.10.9 and earlier. XWiki Platform version 14.9 is not affected, but versions prior to 14.9 are vulnerable; however, since 14.4.7 is a fixed version, we consider versions pri...