7 matches found
CVE-2022-36098
XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it's possible to store Javascript or groovy scripts in a mention, macro anchor, or reference field...
GHSA-C5V8-2Q4R-5W9V XWiki Platform Mentions UI vulnerable to Cross-site Scripting
Impact It's possible to store Javascript or groovy scripts in an mention macro anchor or reference field. The stored code is executed by anyone visiting the page with the mention. For example, the example below will create a file at /tmp/exploit.txt: mention reference="XWiki.Translation"...
CVE-2022-36098
XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it's possible to store Javascript or groovy scripts in a mention, macro anchor, or reference field...
CVE-2022-36098 XWiki Platform Mentions UI vulnerable to Cross-site Scripting
XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it's possible to store Javascript or groovy scripts in a mention, macro anchor, or reference field...
CVE-2022-36098
Summary (concrete): XWiki Platform Mentions UI allows storing Javascript or groovy scripts in mention/macro anchor/reference fields in versions prior to 13.10.6 and 14.4 (starting with 12.5-rc-1). The stored code is executed when a page with the mention is visited, enabling cross-site scripting. ...
CVE-2022-36098 XWiki Platform Mentions UI vulnerable to Cross-site Scripting
XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it's possible to store Javascript or groovy scripts in a mention, macro anchor, or reference field...
PT-2022-23188 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 12.5-rc-1 through 13.10.5 XWiki Platform versions 12.5-rc-1 through 14.3 Description: The XWiki Platform Mentions UI allows storing Javascript or groovy scripts in a mention, macro anchor, or reference field. The store...