Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9
CVSSv3

CVE-2022-36098

Published: 08/09/2022 Updated: 13/09/2022
CVSS v3 Base Score: 9 | Impact Score: 6 | Exploitability Score: 2.3
VMScore: 0

Vulnerability Summary

XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it's possible to store Javascript or groovy scripts in a mention, macro anchor, or reference field. The stored code is executed by anyone visiting the page with the mention. This issue has been patched on XWiki 14.4 and 13.10.6. As a workaround, one may update `XWiki.Mentions.MentionsMacro` and edit the `Macro code` field of the `XWiki.WikiMacroClass` XObject.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

xwiki xwiki

References

CWE-79https://github.com/xwiki/xwiki-platform/commit/4032dc896857597efd169966dc9e2752a9fdd459#diff-4fe22885f772e47d3561a05348f73921669ec12d4413b220383b73c7ae484bc4R608-R610https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c5v8-2q4r-5w9vhttps://github.com/xwiki/xwiki-platform/commit/4f290d87a8355e967378a1ed6aee23a06ba162ebhttps://jira.xwiki.org/browse/XWIKI-19752https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27842CVE-2024-30657CVE-2024-4534hardcodedSSRFCVE-2024-21683CVE-2024-5364file uploadCVE-2024-5371
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook