https://db.gcve.eu/sightings/feed 2026-05-11T20:38:32.624352+00:00 Vulnerability-Lookup info@gcve.eu python-feedgen Contains only the most 10 recent sightings. https://db.gcve.eu/sighting/aac75e50-6147-4b13-a522-5537890bcd0c/export 2026-05-11T20:38:33.076512+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "aac75e50-6147-4b13-a522-5537890bcd0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36097", "type": "seen", "source": "https://t.me/cibsecurity/49481", "content": "\u203c CVE-2022-36097 \u203c\n\nXWiki Platform Attachment UI provides a macro to easily upload and select attachments for XWiki Platform, a generic wiki platform. Starting with version 14.0-rc-1 and prior to 14.4-rc-1, it's possible to store JavaScript in an attachment name, which will be executed by anyone trying to move the corresponding attachment. This issue has been patched in XWiki 14.4-rc-1. As a workaround, one may copy `moveStep1.vm` to `webapp/xwiki/templates/moveStep1.vm` and replace vulnerable code with code from the patch.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-09T00:15:40.000000Z"} 2022-09-09T00:15:40+00:00