CVE-2022-29251
CVSS v3.1
6.1 (Medium)
CVSS v2.0
4.3 (Medium)
EPSS
0.07 % (32th)
Affected Products
1
Advisories
1
XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is present in the FlamingoThemesCode.WebHomeSheet
wiki page related to the "newThemeName" form field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page FlamingoThemesCode.WebHomeSheet
(with wiki editor) according to the suggestion provided in the GitHub Security Advisory.
Weaknesses
- CVE Status
- PUBLISHED
- CNA
- GitHub, Inc.
- Published Date
-
2022-05-25 21:15:08
(2 years ago) - Updated Date
-
2022-06-07 18:32:43
(2 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...