Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.
Advisories for Maven/Org.xwiki.commons/Xwiki-Commons package
2021
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.