Trrenty

**Name of the Vulnerable Software and Affected Versions** XWiki Confluence Migrator Pro versions prior to 1.2.0 **Description** A user without programming rights can execute arbitrary code due to an unescaped translation when creating a page using the Migration Page template. This issue allows for the execution of arbitrary code, potentially leading to security breaches. The estimated number of affected devices and real-world incidents are not specified. **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 to fix the issue. As a temporary workaround, consider restricting access to the Migration Page template until the update is applied. Additionally, avoid using the `XWiki.TranslationDocumentClass` object with scope `USER` in the object editor to minimize the risk of exploitation.