{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T23:55:34.325","vulnerabilities":[{"cve":{"id":"CVE-2022-36098","sourceIdentifier":"security-advisories@github.com","published":"2022-09-08T21:15:08.097","lastModified":"2024-11-21T07:12:23.000","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it's possible to store JavaScript or Groovy scripts in a mention, macro anchor, or reference field. The stored code is executed by anyone visiting the page with the mention. This issue has been patched on XWiki 14.4 and 13.10.6. As a workaround, one may update `XWiki.Mentions.MentionsMacro` and edit the `Macro code` field of the `XWiki.WikiMacroClass` XObject."},{"lang":"es","value":"XWiki Platform Mentions UI es una Interfaz de Usuario para mencionar usuarios en contenido wiki para XWiki Platform, una plataforma wiki genérica. A partir de la versión 12.5-rc-1 y anteriores a 13.10.6 y 14.4, es posible almacenar JavaScript o scripts Groovy en un campo de mención, ancla de macro o referencia. El código almacenado es ejecutado por cualquiera que visite la página con la mención. Este problema ha sido parcheado en XWiki versiones 14.4 y 13.10.6. Como mitigación, puede actualizarse \"XWiki.Mentions.MentionsMacro\" y editar el campo \"Macro code\" del XObject 
\"XWiki.WikiMacroClass\""}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*","versionStartIncluding":"12.5","versionEndExcluding":"13.10.6","matchCriteriaId":"ED6936AF-2696-4165-B7AD-54CF65C6A904"},{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.4","matchCriteriaId":"78E9227E-5BAE-44FD-B327-13434E0AF974"}]}]}],"references":[{"url":"https://github.com/xwiki/xwiki-platform/commit/4032dc896857597efd169966dc9e2752a9fdd459#diff-4fe22885f772e47d3561a05348f73921669ec12d4413b220383b73c7ae484bc4R608-R610","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/xwiki/xwiki-platform/commit/4f290d87a8355e967378a1ed6aee23a06ba162eb","source":"security-advisories@github.com","tags":["Patch","Third Party 
Advisory"]},{"url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c5v8-2q4r-5w9v","source":"security-advisories@github.com","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://jira.xwiki.org/browse/XWIKI-19752","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/xwiki/xwiki-platform/commit/4032dc896857597efd169966dc9e2752a9fdd459#diff-4fe22885f772e47d3561a05348f73921669ec12d4413b220383b73c7ae484bc4R608-R610","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/xwiki/xwiki-platform/commit/4f290d87a8355e967378a1ed6aee23a06ba162eb","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c5v8-2q4r-5w9v","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://jira.xwiki.org/browse/XWIKI-19752","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}}]}