GHSA-H2XQ-H7F9-VH6C XWiki Blog Application home page vulnerable to Stored XSS via Post Title
Impact The Blog Application is vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper escaping. An attacker with permissions to create or edit blog posts can inject malicious...