XSS can be injected via a wiki attachment.
An attacker could use this vulnerability to force a victim to execute uncontrolled code.
CVSSv3 score: 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Add a wiki attachment named xss.html with the following content: <html><body><script>alert(1)</script></body></html>
OWASP Cross-site Scripting