7.4

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-29251

GHSA ID

GHSA-vmhh-xh3g-j992

EPSS Score

0.82109%

CWE

CWE-79

Published

5/25/2022

Updated

1/27/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-29251

CVE-2022-29251: Cross-site Scripting in the Flamingo theme manager

Impact

We found a possible XSS vector in the FlamingoThemesCode.WebHomeSheet wiki page related to the "newThemeName" form field.

Patches

The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3.

Workarounds

The easiest workaround is to edit the wiki page FlamingoThemesCode.WebHomeSheet (with wiki editor) and change the line

<input type="hidden" name="newThemeName" id="newThemeName" value="$request.newThemeName" />

into

<input type="hidden" name="newThemeName" id="newThemeName" value="$escapetool.xml($request.newThemeName)" />

References

https://jira.xwiki.org/browse/XWIKI-19294
https://github.com/xwiki/xwiki-platform/commit/bd935320bee3c27cf7548351b1d0f935f116d437

For more information

If you have any questions or comments about this advisory:

Open an issue in Jira XWiki
Email us at security mailing list

(GitHub Advisory)

7.4

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-29251

GHSA ID

GHSA-vmhh-xh3g-j992

EPSS Score

0.82109%

CWE

CWE-79

Published

5/25/2022

Updated

1/27/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.xwiki.platform:xwiki-platform-flamingo-theme-ui	maven	< 12.10.11	12.10.11
org.xwiki.platform:xwiki-platform-flamingo-theme-ui	maven	>= 13.0.0, < 13.4.7	13.4.7
org.xwiki.platform:xwiki-platform-flamingo-theme-ui	maven	>= 13.5.0, < 13.10.3	13.10.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from a lack of proper output encoding in the template file FlamingoThemesCode/WebHomeSheet.xml, specifically in the unescaped insertion of the $request.newThemeName parameter into an HTML input field. This is a template-level issue rather than a specific function in the codebase. The fix involves adding the escaping function $escapetool.xml(), but the vulnerability itself is not tied to a named function in the code (e.g., a Java method or API). Instead, it is caused by improper handling of user input in the view layer (Velocity template). No functions with clear namespaces or file paths are directly implicated beyond the template's markup, which does not qualify as a 'function' in the traditional programming sense.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t W* *oun* * possi*l* XSS v**tor in t** `*l*min*oT**m*s*o**.W***om*S***t` wiki p*** r*l*t** to t** "n*wT**m*N*m*" *orm *i*l*. ### P*t***s T** issu* is p*t**** in v*rsions **.**.**, **.*-r*-*, **.*.*, **.**.*. ### Work*roun*s T** **si*st w

Reasoning

T** vuln*r**ility st*ms *rom * l**k o* prop*r output *n*o*in* in t** t*mpl*t* *il* `*l*min*oT**m*s*o**/W***om*S***t.xml`, sp**i*i**lly in t** un*s**p** ins*rtion o* t** `$r*qu*st.n*wT**m*N*m*` p*r*m*t*r into *n *TML input *i*l*. T*is is * t*mpl*t*-l*

7.4

Basic Information

Concerned about an active attack path?

CVE-2022-29251: Cross-site Scripting in the Flamingo theme manager

Impact

Patches

Workarounds

References

For more information

7.4

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI