GHSA-fxwr-4vq9-9vhj, CVE-2022-36095
maven/org.xwiki.platform/xwiki-platform-web-templates
Cross-Site Request Forgery (CSRF)
XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the documentTags.vm template in one's filesystem, to apply the changes exposed there.
All versions starting from 2.0-milestone-1 before 13.10.5, all versions starting from 14.0 before 14.3
Upgrade to versions 13.10.5, 14.3 or above.
2022-09-19