XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and 15.0.
View the template here CVE-2023-32068.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-32068