
5 matches found

OSV
added 2023/03/03 10:51 p.m., 19 views

GHSA-X2QM-R4WX-8GPG org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability

Impact: It's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the newThemeName request parameter (URL parameter), in combination with additional parameters formtoken=1&action=create. For instance:...

CVSS 10 | AI score 9.5 | EPSS 0.40079
Exploits 1 | References 5
NVD
added 2022/05/25 9:15 p.m., 8 views

CVE-2022-29251

XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is present in the FlamingoThemesCode.WebHomeSheet wiki page related to the "newThemeName" form field. The...

CVSS 7.4 | EPSS 0.01689
Exploits 0 | References 3
Prion
added 2022/05/25 9:15 p.m., 23 views

Cross site scripting

XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is present in the FlamingoThemesCode.WebHomeSheet wiki page related to the "newThemeName" form field. The...

CVSS 4.3 | AI score 5.9 | EPSS 0.01689
Exploits 0 | References 3 | Affected Software 1
OSV
added 2022/05/25 8:55 p.m., 19 views

CVE-2022-29251 Cross-site Scripting in the Flamingo theme manager

XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is present in the FlamingoThemesCode.WebHomeSheet wiki page related to the "newThemeName" form field. The...

CVSS 7.4 | AI score 6 | EPSS 0.01689
Exploits 0 | References 5
CNNVD
added 2022/05/25 12:0 a.m., 1 views

Xwiki Platform cross-site scripting vulnerability

Xwiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company Xwiki. A security vulnerability exists in XWiki Platform Flamingo Theme UI versions after 6.2.4, 6.3-rc-1, which stems from the presence of a cross-site scripting vector in the...

CVSS 7.4 | AI score 5.8 | EPSS 0.01689
Exploits 0 | References 4