Vulnerability Description
XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the `documentTags.vm` template in one's filesystem, to apply the changes exposed there.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xwiki | Xwiki | >= 2.3, < 13.10.6 |
Related Weaknesses (CWE)
References
- https://github.com/xwiki/xwiki-platform/commit/7ca56e40cf79a468cea54d3480b6b403f (Patch, Third Party Advisory)
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fxwr-4vq9-9vhj (Patch, Third Party Advisory)
- https://jira.xwiki.org/browse/XWIKI-19550 (Vendor Advisory)
FAQ
What is CVE-2022-36095?
CVE-2022-36095 is a vulnerability with a CVSS score of 4.3 (MEDIUM). XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The prob...
How severe is CVE-2022-36095?
CVE-2022-36095 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-36095?
Check the references section above for vendor advisories and patch information. Affected products include: Xwiki Xwiki.