CVE-2021-3137
Cross-Site Scripting (XSS) in XWiki
EPSS 0.15%
Description
XWiki 12.10.2 allows XSS via an SVG document submitted to the upload feature of the comment section.
How to fix CVE-2021-3137
To remediate CVE-2021-3137, upgrade the affected package to a fixed version below.
- Maven/org.xwiki.commons:xwiki-commons: upgrade to 12.10.3 or later
Is CVE-2021-3137 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Maven/org.xwiki.commons:xwiki-commons: from 0, < 12.10.3