The hacker Sony discovered Cross site scripting Vulnerability in XWiki. XWiki is a free wiki software platform written in Java with a design emphasis on extensibility. XWiki Enterprise, the enterprise wiki edition, includes WYSIWYG editing, OpenOffice based document import/export, semantic annotations and tagging, and advanced permissions management
The comment box and profile page vulnerable to XSS.
Poc:
http://www.xwiki.org/xwiki/bin/view/Blog/XWikiEnterprise14RC1Released
http://www.xwiki.org/xwiki/bin/XWiki/SonyStyles
It seems that he is targeting Wiki based web applications. In past two weeks itself, he found xss Vulnerabilities in lot of websites . He found XSS vulnerabilities in Twiki, FosWiki
source:
http://st2tea.blogspot.com/2012/02/xwiki-cross-site-scripting.html