How severe is CVE-2022-36098?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9 out of 10.

What type of vulnerability is CVE-2022-36098?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2022-36098

CRITICAL Year: 2022

CVSS v3 Score

9.0

Critical

Weakness Type

CWE-79

View all →

Vulnerability Description

XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it's possible to store Javascript or groovy scripts in a mention, macro anchor, or reference field. The stored code is executed by anyone visiting the page with the mention. This issue has been patched on XWiki 14.4 and 13.10.6. As a workaround, one may update `XWiki.Mentions.MentionsMacro` and edit the `Macro code` field of the `XWiki.WikiMacroClass` XObject.

CVE-2016-9470

CRITICAL

CVSS:9.0(Critical)

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables a...

CWE-792016

CVE-2019-17634

CRITICAL

CVSS:9.0(Critical)

Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, op...

CWE-792019

CVE-2019-18578

CRITICAL

CVSS:9.0(Critical)

Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HT...

CWE-792019

CVE-2019-18588

CRITICAL

CVSS:9.0(Critical)

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scrip...

CWE-792019

CVE-2019-3873

CRITICAL

CVSS:9.0(Critical)

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve ...

CWE-792019

CVE-2019-7551

CRITICAL

CVSS:9.0(Critical)

Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could ena...

CWE-792019

CVE-2022-36098

Vulnerability Description

Related Vulnerabilities

CVE-2016-9470

CVE-2019-17634

CVE-2019-18578

CVE-2019-18588

CVE-2019-3873

CVE-2019-7551