CVE-2022-36096

The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Prior to versions 13.10.6 and 14.3, it's possible to store JavaScript which will be executed by anyone viewing the deleted attachments index wi...

Code injection

The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Prior to versions 13.10.6 and 14.3, it's possible to store JavaScript which will be executed by anyone viewing the deleted attachments index wi...

CVE-2022-36096

The CVE-2022-36096 issue affects XWiki Platform’s Index UI, where an attacker could store JavaScript in attachment names viewed from the deleted attachments index, enabling XSS. Affected versions are prior to 13.10.6 and 14.3. The vulnerability is mitigated by upgrading to XWiki 13.10.6 or 14.3, ...

CVE-2022-36096 XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list

The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Prior to versions 13.10.6 and 14.3, it's possible to store JavaScript which will be executed by anyone viewing the deleted attachments index wi...