XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters