CVE-2022-36095
published 2022-09-08

Priority: P4, 18
Severity: medium, 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 0.32% (24.2th percentile)

XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the `documentTags.vm` template in one's filesystem, to apply the changes exposed there.

Affected

5 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xwiki | xwiki | | |
| xwiki | xwiki | >= 14.0 < 14.3 | 14.3 |
| xwiki | xwiki | >= 2.3 < 13.10.6 | 13.10.6 |
| xwiki | xwiki-platform | | |
| xwiki | xwiki-platform | | |