org.xwiki.commons:xwiki-commons-xml is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape arbitrary HTML code before it is output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim’s browser.
CPE | Name | Operator | Version |
---|---|---|---|
xwiki commons - xml | le | 14.10.3 | |
github.com/advisories/GHSA-pv7v-ph6g-3gxv
github.com/xwiki/xwiki-commons/commit/0b8e9c45b7e7457043938f35265b2aa5adc76a68
github.com/xwiki/xwiki-commons/commit/cfc9db026c095cffb324697054f9fef5fcb62c56
github.com/xwiki/xwiki-commons/security/advisories/GHSA-pv7v-ph6g-3gxv
jira.xwiki.org/browse/XCOMMONS-2606