CVE-2022-29252

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 25-05-2022 11:15

Last modified: - 07-06-2022 08:50

Total changes: - 3

Description

XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the `WikiManager.JoinWiki ` wiki page related to the "requestJoin" field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `WikiManager.JoinWiki` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

Low

Confidentiality

Low

Integrity

None

Privileges required

Changed

Scope

Required

User interaction

6.1

Base score

2.8

2.7

Exploitability score

Impact score

Verification logic

vendor=xwiki AND product=xwiki AND versionStartIncluding=13.5 AND versionEndExcluding=13.10.3

vendor=xwiki AND product=xwiki AND versionStartIncluding=13.0 AND versionEndExcluding=13.4.7

vendor=xwiki AND product=xwiki AND version=5.3 AND update=milestone2

vendor=xwiki AND product=xwiki AND versionStartIncluding=5.4 AND versionEndExcluding=12.10.11

Reference

Keywords

CVE-2022-29252

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2022-29252

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures