VYPR

Maven package

org.xwiki.platform/xwiki-platform-tag-ui

pkg:maven/org.xwiki.platform/xwiki-platform-tag-ui

Vulnerabilities (2)

  • CVE-2022-41927Nov 23, 2022
    affected >= 3.2-milestone-2, < 13.10.7fixed 13.10.7

    XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly

  • CVE-2022-36100Sep 8, 2022
    affected < 13.10.6fixed 13.10.6

    XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document `Main.Tags` in XWiki didn't sa