{"id":"CVE-2022-36095","summary":"XWiki Cross-Site Request Forgery (CSRF) for actions on tags","details":"XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the `documentTags.vm` template on one's filesystem to apply the changes made in the fix commit (see the FIX entry under references).","aliases":["GHSA-fxwr-4vq9-9vhj"],"modified":"2026-04-16T03:46:53.917952Z","published":"2022-09-08T20:20:13Z","database_specific":{"cwe_ids":["CWE-352"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/36xxx/CVE-2022-36095.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://jira.xwiki.org/browse/XWIKI-19550"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/36xxx/CVE-2022-36095.json"},{"type":"ADVISORY","url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fxwr-4vq9-9vhj"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36095"},{"type":"FIX","url":"https://github.com/xwiki/xwiki-platform/commit/7ca56e40cf79a468cea54d3480b6b403f259f9ae"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/xwiki/xwiki-platform","events":[{"introduced":"d971304b0e0bf4f6dad278de89518edc17459741"},{"fixed":"585702c6749495ff837c791127e584668be87d74"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-36095.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}