7.4

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-29251

CVE-2022-29251: Cross-site Scripting in the Flamingo theme manager

Impact

We found a possible XSS vector in the FlamingoThemesCode.WebHomeSheet wiki page related to the "newThemeName" form field.

Patches

The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3.

Workarounds

The easiest workaround is to edit the wiki page FlamingoThemesCode.WebHomeSheet (with wiki editor) and change the line

<input type="hidden" name="newThemeName" id="newThemeName" value="$request.newThemeName" />

into

<input type="hidden" name="newThemeName" id="newThemeName" value="$escapetool.xml($request.newThemeName)" />

References

https://jira.xwiki.org/browse/XWIKI-19294
https://github.com/xwiki/xwiki-platform/commit/bd935320bee3c27cf7548351b1d0f935f116d437

For more information

If you have any questions or comments about this advisory:

Open an issue in Jira XWiki
Email us at security mailing list

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-29251

CVE-2022-29251:

7.4

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.xwiki.platform:xwiki-platform-flamingo-theme-ui	maven	< 12.10.11	12.10.11
org.xwiki.platform:xwiki-platform-flamingo-theme-ui	maven	>= 13.0.0, < 13.4.7	13.4.7
org.xwiki.platform:xwiki-platform-flamingo-theme-ui	maven	>= 13.5.0, < 13.10.3	13.10.3

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from a lack of proper output encoding in the template file FlamingoThemesCode/WebHomeSheet.xml, specifically in the unescaped insertion of the $request.newThemeName parameter into an HTML input field. This is a template-level issue rather than a specific function in the codebase. The fix involves adding the escaping function $escapetool.xml(), but the vulnerability itself is not tied to a named function in the code (e.g., a Java method or API). Instead, it is caused by improper handling of user input in the view layer (Velocity template). No functions with clear namespaces or file paths are directly implicated beyond the template's markup, which does not qualify as a 'function' in the traditional programming sense.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.4

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-29251: Cross-site Scripting in the Flamingo theme manager

Impact

Patches

Workarounds

References

For more information

CVE-2022-29251:

7.4

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2022-29251: Cross-site Scripting in the Flamingo theme manager

Impact

Patches

Workarounds

References

For more information

7.4

7.4

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI