CVE-2022-29252
Description
XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the WikiManager.JoinWiki wiki page related to the "requestJoin" field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page WikiManager.JoinWiki (with wiki editor) according to the suggestion provided in the GitHub Security Advisory.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.827
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2022-29252 are fixed in XWiki - Wiki UI Mainwiki 12.10.11 | Windows |
| Vulnerabilities CVE-2022-29252 are fixed in XWiki - Wiki UI Mainwiki 13.4.7 | Windows |
| Vulnerabilities CVE-2022-29252 are fixed in XWiki - Wiki UI Mainwiki 13.10.3 | Windows |
| Vulnerabilities CVE-2022-29252 are fixed in XWiki - Wiki UI Mainwiki for Linux 12.10.11 | Linux |
| Vulnerabilities CVE-2022-29252 are fixed in XWiki - Wiki UI Mainwiki for Linux 13.4.7 | Linux |
| Vulnerabilities CVE-2022-29252 are fixed in XWiki - Wiki UI Mainwiki for Linux 13.10.3 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234