Critical Vulnerability Information

Vulnerability Name: Reflected XSS in two templates
Severity: Moderate
CVSS v4 Base Score: 6.5/10

Affected Scope

Affected Versions
- org.xwiki.platform:xwiki-platform-web-templates >= 4.2-milestone-3, = 16.5.0-rc-1, = 17.0.0-rc-1, < 17.3.0-rc-1

Fixed Versions
- 16.4.8
- 16.10.6
- 17.3.0-rc-1

Description and Impact

A reflected XSS vulnerability exists in two templates, allowing attackers to execute malicious JavaScript code by tricking victims into visiting attacker-controlled URLs.

PoC URL Examples:
-
-

Mitigation

Fixed in XWiki 16.4.8, 16.10.6, and 17.3.0-rc-1 by adding escaping in the affected templates.

Workarounds

The same changes applied in the patch can be manually applied to the WAR file to fix the affected templates.

References
- e5926a0
- XWIKI-23096

CVE ID: CVE-2025-32430
Weakness: CWE-79