XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages

@@ -113,7 +113,7 @@ Caused by: #printThrowable($throwable.cause true)
             #set ($version = $argument.versionConstraint)
           #end
           #set ($_extensionURL = "#getExtensionURL($argument.id, $version)")
-          #set ($_extensionName = $argument)
+          #set ($_extensionName = $!escapetool.xml($argument))
         #end
         #set ($message = "$message<a href=""$_extensionURL"" class=""extension-link"">$_extensionName</a>")
       #elseif ($argument.listIterator())

@@ -19,23 +19,33 @@
  */
 package org.xwiki.web;
 
+import java.util.List;
+
 import javax.inject.Inject;
 import javax.inject.Named;
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.xwiki.extension.DefaultExtensionDependency;
 import org.xwiki.extension.ExtensionDependency;
+import org.xwiki.extension.ExtensionId;
+import org.xwiki.extension.job.InstallRequest;
+import org.xwiki.extension.job.plan.internal.DefaultExtensionPlan;
 import org.xwiki.extension.script.ExtensionManagerScriptService;
 import org.xwiki.extension.version.internal.DefaultVersionConstraint;
+import org.xwiki.logging.LogQueue;
 import org.xwiki.script.service.ScriptService;
 import org.xwiki.template.TemplateManager;
 import org.xwiki.test.junit5.mockito.MockComponent;
 import org.xwiki.test.page.PageTest;
 
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.matchesRegex;
+import static org.hamcrest.Matchers.not;
 import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 /**
@@ -78,4 +88,37 @@ void nonExistingExtensionRequest() throws Exception
                 <span class="extension-name">&#60;test&#62;</span><span
                       class="extension-version">&#60;test&#62;</span>"""));
     }
+
+    @Test
+    void nonExistingExtensionRequestWithJobStatus() throws Exception
+    {
+        String testValue = "<test>";
+        this.stubRequest.put("extensionId", testValue);
+        this.stubRequest.put("extensionVersion", testValue);
+        this.stubRequest.put("extensionSection", "progress");
+        String namespace = "wiki:xwiki";
+        this.stubRequest.put("extensionNamespace", namespace);
+        ExtensionId extensionId = new ExtensionId(testValue, testValue);
+
+        // Mock an extension job status for an installation request with the necessary properties to trigger the
+        // display of the log message.
+        ExtensionManagerScriptService service = (ExtensionManagerScriptService) this.extensionManagerScriptService;
+        InstallRequest installRequest = mock();
+        when(installRequest.getExtensions()).thenReturn(List.of(extensionId));
+        LogQueue logEvents = new LogQueue();
+        logEvents.info("Resolving extension [{}] on namespace [{}]", extensionId, namespace);
+        DefaultExtensionPlan<InstallRequest> extensionPlan = mock();
+        when(extensionPlan.getRequest()).thenReturn(installRequest);
+        when(extensionPlan.getLogTail()).thenReturn(logEvents);
+        when(service.getExtensionPlanJobStatus(testValue, namespace)).thenReturn(extensionPlan);
+
+        String output = this.templateManager.render("distribution.vm");
+
+        verify(service).getExtensionPlanJobStatus(testValue, namespace);
+
+        assertThat(output, containsString("&#60;test&#62;"));
+        assertThat(output, not(containsString(testValue)));
+        assertThat(output, matchesRegex("(?s).*Resolving extension \\[<a href=\"[^\"]*\" class=\"extension-link\">&#60;"
+            + "test&#62;/&#60;test&#62;</a>].*"));
+    }
 }