CVE-2026-40105 | XWiki xwiki-platform up to 16.10.15/17.4.7/17.10.0 templates/changesdoc.vm cross site scripting

Inserito da Angelo Barbosa | Apr 15, 2026 | CVE

A vulnerability was found in XWiki xwiki-platform up to 16.10.15/17.4.7/17.10.0. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the file templates/changesdoc.vm. The manipulation leads to basic cross site scripting.

This vulnerability is referenced as CVE-2026-40105. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is advised.

CVE-2026-40105 | XWiki xwiki-platform up to 16.10.15/17.4.7/17.10.0 templates/changesdoc.vm cross site scripting

Post correlati

CVE-2025-59733 | FFmpeg up to 7.x OpenEXR File Decoder dwa_uncompress out-of-bounds write (Issue 436511)

CVE-2024-1941 | Delta Electronics CNCSoft-B up to 1.0.0.4 stack-based overflow (icsa-24-060-01)

CVE-2026-4175 | Aureus ERP up to 1.3.0-BETA2 Chatter Message content-text-entry.blade.php subject/body cross site scripting

CVE-2025-26911 | Bowo System Dashboard Plugin up to 2.8.18 on WordPress exposure of sensitive system information to an unauthorized control sphere