CVE-2022-29251

CVSS v3.1 6.1 (Medium)
CVSS v2.0 4.3 (Medium)
EPSS 0.07 % (32nd)
Affected Products 1
Advisories 1

XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is present in the FlamingoThemesCode.WebHomeSheet wiki page related to the "newThemeName" form field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page FlamingoThemesCode.WebHomeSheet (with wiki editor) according to the suggestion provided in the GitHub Security Advisory.

Weaknesses
CWE-116
Improper Encoding or Escaping of Output
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE Status
PUBLISHED
CNA
GitHub, Inc.
Published Date
2022-05-25 21:15:08
(2 years ago)
Updated Date
2022-06-07 18:32:43
(2 years ago)

Affected Products


Configuration #1

  Product                                                 CPE23                  From      Up To
  Xwiki from version 6.2.4 and prior to version 12.10.11  cpe:2.3:a:xwiki:xwiki  >= 6.2.4  < 12.10.11
  Xwiki from version 13.0 and prior to version 13.4.7     cpe:2.3:a:xwiki:xwiki  >= 13.0   < 13.4.7
  Xwiki from version 13.5 and prior to version 13.10.3    cpe:2.3:a:xwiki:xwiki  >= 13.5   < 13.10.3