XWiki Platform Web Parent POM vulnerable to XSS in the attachment history
Impact It's possible to store a JavaScript which will be executed by anyone viewing the history of an attachment containing javascript in its name. For example, attachment a file with name .jpg will execute the alert. Patches This issue has been patched in XWiki 13.10.6 and 14.3RC1. Workarounds I...