Lucene search
PRIOn knowledge basePRION:CVE-2022-36094HistorySep 08, 2022 - 8:15 p.m.
Design/Logic Flaw
2022-09-0820:15:00
PRIOn knowledge base
www.prio-n.com
xwiki platform
web resources
javascript flaw
patched
version 13.10.6
version 14.3rc1
workaround
nvd
XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Starting with version 1.0 and prior to versions 13.10.6 and 14.30-rc-1, it’s possible to store JavaScript which will be executed by anyone viewing the history of an attachment containing javascript in its name. This issue has been patched in XWiki 13.10.6 and 14.3RC1. As a workaround, it is possible to replace viewattachrev.vm, the entry point for this attack, by a patched version from the patch without updating XWiki.
Related
github
github
XWiki Platform Web Parent POM vulnerable to XSS in the attachment history
2022-09-16 17:05:12
cvelist
cvelist
cve
cve
CVE-2022-36094
2022-09-08 20:15:08
osv
osv
XWiki Platform Web Parent POM vulnerable to XSS in the attachment history
2022-09-16 17:05:12
CVE-2022-36094
2022-09-08 20:15:08
nvd
nvd
CVE-2022-36094
2022-09-08 20:15:08
openvas
openvas
XWiki 1.0 < 13.10.6, 14.0 < 14.3 XSS Vulnerability (GHSA-mxf2-4r22-5hq9)
2022-09-15 00:00:00