XWiki 14.4
cpe:2.3:a:xwiki:xwiki:14.4:*:*:*:*:*:*:*
part: a version: 14.4 update: *
| Vendor | Xwiki (cdc9c0cd-6ac5-5dc0-9f52-915ebd57f20d) |
|---|---|
| Product | Xwiki (2fad5bf8-5703-5dac-bd8d-95a867c2e84d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:docker/xwiki/xwiki | purl2cpe | 2026-06-01 10:18:15.715502 |
| pkg:github/xwiki/xwiki-platform | purl2cpe | 2026-06-01 10:18:15.715504 |
| pkg:gitlab/q-phillips/xwiki-platform | purl2cpe | 2026-06-01 10:18:15.715505 |
| pkg:xwiki/xwiki | purl2cpe | 2026-06-01 10:18:15.715507 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2022-41927 | vulnerable | 2026-06-03 14:48:11.848872 | XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags; HIGH (7.4); Published: 2022-11-23T00:00:00.000Z; Updated: 2025-04-23T16:35:31.577Z | Imported from gcve-enriched-dumps CVE data |

CVE-2022-41927 description: XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting:

```
#if (!$services.csrf.isTokenValid($request.get('form_token')))
  #set ($discard = $response.sendError(401, "Wrong CSRF token"))
#end
```