None of these issues are believed to result in compromise of the web server or of Foswiki data.
Details are available in the individual linked tasks. These will be available for viewing following the general release of Foswiki 2.1.4.
Good browser practices can now prevent most XSS injection attacks. We also recommend use of the appropriate security headers, which can be set in the web server configuration.
Authors and Credits
Thanks to Tim Coen of Curesec GmbH for finding and reporting the XSS issues, and to Maxime Besson, who reported the issue with the systemd files.
Hotfix for Foswiki Production Release
No hotfixes are available for these vulnerabilities. Upgrade to Foswiki-2.1.4.