Lucene search
PRIOn knowledge basePRION:CVE-2022-36098HistorySep 08, 2022 - 9:15 p.m.
Code injection
2022-09-0821:15:00
PRIOn knowledge base
www.prio-n.com
1
xwiki platform mentions
code injection
javascript execution
groovy scripts
security patch
wikimacro update
XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it’s possible to store Javascript or groovy scripts in a mention, macro anchor, or reference field. The stored code is executed by anyone visiting the page with the mention. This issue has been patched on XWiki 14.4 and 13.10.6. As a workaround, one may update XWiki.Mentions.MentionsMacro and edit the Macro code field of the XWiki.WikiMacroClass XObject.
Related
cvelist
cvelist
CVE-2022-36098 XWiki Platform Mentions UI vulnerable to Cross-site Scripting
2022-09-08 20:50:11
osv
osv
XWiki Platform Mentions UI vulnerable to Cross-site Scripting
2022-09-16 17:36:44
CVE-2022-36098
2022-09-08 21:15:08
github
github
XWiki Platform Mentions UI vulnerable to Cross-site Scripting
2022-09-16 17:36:44
cve
cve
CVE-2022-36098
2022-09-08 21:15:08
openvas
openvas
XWiki 12.5 < 13.10.6, 14.0 < 14.4 XSS Vulnerability (GHSA-c5v8-2q4r-5w9v)
2022-09-16 00:00:00
nvd
nvd
CVE-2022-36098
2022-09-08 21:15:08