Lucene search

PRIOn knowledge basePRION:CVE-2022-36095

HistorySep 08, 2022 - 9:15 p.m.

Cross site request forgery (csrf)

2022-09-0821:15:00

PRIOn knowledge base

www.prio-n.com

xwiki

cross-site request forgery

csrf

security patch

document tags

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.0%

JSON

XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the documentTags.vm template in one’s filesystem, to apply the changes exposed there.

CPENameOperatorVersion
xwikige14.0
xwikilt14.3
xwikige2.3
xwikilt13.10.6
xwikieq2.0 milestone2

Name	Operator	Version
xwiki	ge	14.0
xwiki	lt	14.3
xwiki	ge	2.3
xwiki	lt	13.10.6
xwiki	eq	2.0 milestone2

References

github.com/xwiki/xwiki-platform/commit/7ca56e40cf79a468cea54d3480b6b403f259f9ae

github.com/xwiki/xwiki-platform/security/advisories/GHSA-fxwr-4vq9-9vhj

jira.xwiki.org/browse/XWIKI-19550