GHSA-H2RM-29CH-WFMH XWiki Identity Oauth Privilege escalation (PR)/remote code execution from login screen through unescaped URL parameter
Impact When login via the OAuth method, the identityOAuth parameters, sent in a GET request is vulnerable to XSS and XWiki syntax injection. This allows remote code execution via the groovy macro and thus affects the confidentiality, integrity and availability of the whole XWiki installation. The...