Description
XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the `documentTags.vm` template in one's filesystem, to apply the changes exposed there.
Remediation
References
Related Vulnerabilities
WordPress Plugin Gmedia Photo Gallery Arbitrary File Upload (1.2.1)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-14540)
PostgreSQL CVE-2023-2455 Vulnerability (CVE-2023-2455)
WordPress Plugin WP Hotel Booking PHP Object Injection (1.10.3)
Moodle Improper Privilege Management Vulnerability (CVE-2017-7532)