Cross-Site Scripting Vulnerability in XWiki Platform by XWiki
CVE-2024-43400
5.4MEDIUM
What is CVE-2024-43400?
The XWiki Platform, a widely-used generic wiki, is vulnerable to a cross-site scripting exploit that allows unauthorized users to create URLs embedding malicious JavaScript. By leveraging social engineering tactics, attackers can deceive users into clicking on such links, potentially compromising their data or affecting platform integrity. This vulnerability has been addressed in subsequent updates; users are encouraged to upgrade to versions 14.10.21, 15.5.5, 15.10.6, or 16.0.0 to mitigate risks.