PRIOn knowledge base: PRION:CVE-2022-41928
History: Nov 23, 2022 - 7:15 p.m.

Design/Logic Flaw

2022-11-23 19:15:00
PRIOn knowledge base (www.prio-n.com)
Tags: xwiki platform, eval injection, vulnerability patched, versions 13.10.7, 14.4.2, 14.5, nvd

AI Score: 8.6 High (Confidence: High)
EPSS: 0.001 Low (Percentile: 40.9%)

XWiki Platform is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the height or alt macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5.

The issue can be fixed on a running wiki by updating XWiki.AttachmentSelector with the versions below:

- 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23
- 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23
- 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23
