PT-2022-19506 · Xwiki · Xwiki Platform Filter Ui
Thomas Mortagne · Published 2022-05-31 · Updated 2022-06-09
CVE-2022-29258
CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
XWiki Platform Filter UI versions 5.4.4 through 12.10.10
XWiki Platform Filter UI versions 13.0.0 through 13.4.6
XWiki Platform Filter UI versions 13.10.0 through 13.10.2
XWiki Platform Filter UI version 14.0.0-rc-0
Description
The issue is related to a possible cross-site scripting vector in the Filter.FilterStreamDescriptorForm wiki page, affecting pretty much all the form fields printed in the home page of the application.
Recommendations
For versions 5.4.4 through 12.10.10, edit the wiki page Filter.FilterStreamDescriptorForm according to the instructions in the GitHub Security Advisory.
For versions 13.0.0 through 13.4.6, edit the wiki page Filter.FilterStreamDescriptorForm according to the instructions in the GitHub Security Advisory.
For versions 13.10.0 through 13.10.2, edit the wiki page Filter.FilterStreamDescriptorForm according to the instructions in the GitHub Security Advisory.
For version 14.0.0-rc-0, edit the wiki page Filter.FilterStreamDescriptorForm according to the instructions in the GitHub Security Advisory.
Exploit
Fix
Improper Encoding or Escaping of Output
XSS
Related Identifiers
Affected Products
Xwiki Platform Filter Ui