CVE-2025-66472 | xwiki xwiki-platform up to 16.10.9/17.4.1 Confirmation Message cross site scripting (GHSA-7vpr-jm38-wr7w)

A vulnerability, which was classified as problematic, has been found in xwiki xwiki-platform up to 16.10.9/17.4.1. The affected element is an unknown function of the component Confirmation Message Handler. Performing manipulation results in cross site scripting.

This vulnerability is reported as CVE-2025-66472. The attack is possible to be carried out remotely. No exploit exists.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More