Reflected XSS Vulnerability in XWiki Platform by XWiki
CVE-2026-24128
What is CVE-2026-24128?
The XWiki Platform contains a reflected Cross-site Scripting (XSS) vulnerability that allows attackers to craft malicious URLs, which, when accessed by unsuspecting users, can trigger arbitrary actions with the same privileges as the victim. If the victim has administrative or programming rights, attackers can exploit these privileges to gain full control over the XWiki installation. This vulnerability affects multiple versions of the XWiki Platform and has been addressed in several patched releases. Users are encouraged to upgrade to the latest versions or apply the manual patch to mitigate risk without requiring a system restart.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
xwiki-platform >= 7.0-milestone-2, < 16.10.12 < 7.0-milestone-2, 16.10.12
xwiki-platform >= 17.0.0-rc-1, < 17.4.5 < 17.0.0-rc-1, 17.4.5
xwiki-platform >= 17.5.0-rc-1, < 17.8.0-rc-1 < 17.5.0-rc-1, 17.8.0-rc-1
References
CVSS V4
Timeline
Vulnerability published
Vulnerability Reserved