VYPR
Moderate severityNVD Advisory· Published Sep 8, 2022· Updated Apr 23, 2025

XWiki Cross-Site Request Forgery (CSRF) for actions on tags

CVE-2022-36095

Description

XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the documentTags.vm template in one's filesystem, to apply the changes exposed there.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.xwiki.platform:xwiki-platform-web-templatesMaven
>= 2.0-milestone-1, < 13.10.513.10.5
org.xwiki.platform:xwiki-platform-web-templatesMaven
>= 14.0, < 14.314.3

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.