GHSA-93GH-JGJJ-R929 XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages
Impact When trying to create a document that already exists, XWiki displays an error message in the form for creating it. Due to missing escaping, this error message is vulnerable to raw HTML injection and thus XSS. The injected code is the document reference of the existing document so this...