CVE-2021-32621
### Impact
A user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard.
### Patches
The issue has been patched in XWiki 12.6.7, 12.10.3 and 13.0RC1.
### Workarounds
There’s no easy workaround for this issue, it is recommended to upgrade XWiki.
### References
https://jira.xwiki.org/browse/XWIKI-17794
### For more information
If you have any questions or comments about this advisory:
* Open an issue in [JIRA](https://jira.xwiki.org)
* Email us at [XWiki security mailing-list](mailto:security@xwiki.org)
Source: CVE-2021-32621