CVE-2023-40572
XWiki Platform is vulnerable to a CSRF-based privilege escalation leading to remote code execution via the create action when a user with script rights visits a crafted image. The issue arises because the create action can be triggered without a CSRF token, enabling script execution and compromis...