GHSA-94PF-92HW-2HJC XWiki Platform vulnerable to Code injection through NotificationRSSService
Impact Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This can be reproduced with the following steps:...