How severe is CVE-2022-36096?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9 out of 10.

What type of vulnerability is CVE-2022-36096?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2022-36096

CRITICAL Year: 2022

CVSS v3 Score

9.0

Critical

Weakness Type

CWE-79

View all →

Vulnerability Description

The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Prior to versions 13.10.6 and 14.3, it's possible to store JavaScript which will be executed by anyone viewing the deleted attachments index with an attachment containing javascript in its name. This issue has been patched in XWiki 13.10.6 and 14.3. As a workaround, modify fix the vulnerability by editing the wiki page `XWiki.DeletedAttachments` with the object editor, open the `JavaScriptExtension` object and apply on the content the changes that can be found on the fix commit.

CVE-2016-9470

CRITICAL

CVSS:9.0(Critical)

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables a...

CWE-792016

CVE-2019-17634

CRITICAL

CVSS:9.0(Critical)

Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, op...

CWE-792019

CVE-2019-18578

CRITICAL

CVSS:9.0(Critical)

Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HT...

CWE-792019

CVE-2019-18588

CRITICAL

CVSS:9.0(Critical)

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scrip...

CWE-792019

CVE-2019-3873

CRITICAL

CVSS:9.0(Critical)

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve ...

CWE-792019

CVE-2019-7551

CRITICAL

CVSS:9.0(Critical)

Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could ena...

CWE-792019

CVE-2022-36096

Vulnerability Description

Related Vulnerabilities

CVE-2016-9470

CVE-2019-17634

CVE-2019-18578

CVE-2019-18588

CVE-2019-3873

CVE-2019-7551