1. Home
  2. Vulnerabilities
  3. CVE-2022-36095

CVE-2022-36095

CVSS v3.1 4.3 (Medium)
43% Progress
EPSS 0.06 % (27th)
0.06% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the documentTags.vm template in one's filesystem, to apply the changes exposed there.

Weaknesses
CWE-352
Cross-Site Request Forgery (CSRF)
CVE Status
PUBLISHED
CNA
GitHub, Inc.
Published Date
2022-09-08 21:15:07
(2 years ago)
Updated Date
2022-09-15 14:02:50
(2 years ago)

Affected Products

Xwiki

Configuration #1

    CPE23 From Up To
  Xwiki from 2.3 version and prior 13.10.6 version cpe:2.3:a:xwiki:xwiki >= 2.3 < 13.10.6
  Xwiki from 14.0 version and prior 14.3 version cpe:2.3:a:xwiki:xwiki >= 14.0 < 14.3
  Xwiki 2.0 Milestone2 cpe:2.3:a:xwiki:xwiki:2.0:milestone2