CVE-2023-36471 Information
Jul 01, 2023
Description
XWiki Commons is the set of common modules used by other XWiki top-level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed `form` and `input` HTML tags. In the context of XWiki, this allows an attacker without script right either to create forms that can be used for phishing attacks or, in the context of a sheet, to add an input like `<input type="hidden" name=`

## Reference

- https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-6pqf-c99p-758v
- https://github.com/xwiki/xwiki-commons/commit/99484d48e899a68a1b6e33d457825b776c6fe8c3
- https://jira.xwiki.org/browse/XCOMMONS-2634