org.xwiki.commons:xwiki-commons-xml is vulnerable to XML external entity injection (XXE). A remote authenticated attacker is able to inject a specifically crafted script through the XML script service
to gain access to sensitive user information.
github.com/advisories/GHSA-m2r5-4w96-qxg5
github.com/xwiki/xwiki-commons/commit/947e8921ebd95462d5a7928f397dd1b64f77c7d5
github.com/xwiki/xwiki-commons/commit/abe79aaa31d4e8d8caaadfb7454227fb92ed7b18
github.com/xwiki/xwiki-commons/commit/e34a97dc645a1f18c0d0938e7faff2a3fff008f7
github.com/xwiki/xwiki-commons/security/advisories/GHSA-m2r5-4w96-qxg5
jira.xwiki.org/browse/XWIKI-18946