CVE-2023-32070

CVE-2023-32070 affects XWiki Platform’s HTML/XHTML rendering prior to version 14.6-rc-1, where dangerous attributes/attribute values were not checked, enabling XSS via attributes and link URLs in XWiki syntax. The issue is mitigated by upgrading to the fixed version (14.6-rc-1 or later); no publi...