XWiki 3.2 Milestone 2
Approved changes feed: RSS · Atom
cpe:2.3:a:xwiki:xwiki:3.2:milestone2:*:*:*:*:*:*
part: a version: 3.2 update: milestone2
| Vendor | Xwiki (cdc9c0cd-6ac5-5dc0-9f52-915ebd57f20d) |
|---|---|
| Product | Xwiki (2fad5bf8-5703-5dac-bd8d-95a867c2e84d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:docker/xwiki/xwiki |
purl2cpe | 2026-06-01 10:18:15.815498 |
pkg:github/xwiki/xwiki-platform |
purl2cpe | 2026-06-01 10:18:15.815499 |
pkg:gitlab/q-phillips/xwiki-platform |
purl2cpe | 2026-06-01 10:18:15.815500 |
pkg:xwiki/xwiki |
purl2cpe | 2026-06-01 10:18:15.815502 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-41927 |
vulnerable | 2026-06-03 14:48:11.847346 |
XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags
HIGH (7.4)
XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get('form_token'))) #set ($discard = $response.sendError(401, "Wrong CSRF token")) #end ```
Published: 2022-11-23T00:00:00.000Z
Updated: 2025-04-23T16:35:31.577Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.