PT-2022-23185 · Unknown · Xwiki Platform
Michael Hamann · Published 2022-09-08 · Updated 2022-09-16 · CVE-2022-36095
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
XWiki Platform versions prior to 13.10.5 and 14.3
Description
The issue allows for a Cross-Site Request Forgery (CSRF) attack, enabling the addition or removal of tags on XWiki pages.
Recommendations
For versions prior to 13.10.5, update to version 13.10.5 or later.
For versions prior to 14.3, update to version 14.3 or later.
As a temporary workaround, consider locally modifying the documentTags.vm template in the filesystem to apply the exposed changes.
Affected Products
Xwiki Platform