Description
XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the `documentTags.vm` template in one's filesystem, to apply the changes exposed there.
Remediation
References
Related Vulnerabilities
WordPress Plugin Cookie Information-Free GDPR Consent Solution Security Bypass (2.0.22)
Apache HTTP Server Other Vulnerability (CVE-2004-0885)
MySQL CVE-2017-3312 Vulnerability (CVE-2017-3312)
WebLogic CVE-2018-2933 Vulnerability (CVE-2018-2933)
WordPress Plugin WordPress Survey & Poll-Quiz, Survey and Poll PHP Object Injection (1.5.5)