XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 7.0-milestone-2 through 16.10.11, 17.0.0-rc-1 through 17.4.4, and 17.5.0-rc-1 through 17.7.0 contain a reflected Cross-site Scripting (XSS) vulnerability, which allows an attacker to craft a malicious URL and execute arbitrary actions with the same privileges as the victim. If the victim has administrative or programming rights, those rights can be exploited to gain full access to the XWiki installation. This issue has been patched in versions 17.8.0-rc-1, 17.4.5 and 16.10.12. To workaround, the patch can be applied manually, only a single line in templates/logging_macros.vm needs to be changed, no restart is required.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

XWiki Platform 安全漏洞

XWiki Platform是XWiki开源的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform 7.0-milestone-2至16.10.11版本、17.0.0-rc-1至17.4.4版本和17.5.0-rc-1至17.7.0版本存在安全漏洞，该漏洞源于反射型跨站脚本，可能导致攻击者执行任意操作。

N/A

N/A