CVE-2022-41932

HIGH

XWiki < 13.10.8 - Denial of Service via Crafted User Identifier in Login Form

Title source: llm
STIX 2.1

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2. Users are advised to upgrade. There are no known workarounds for this issue.

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.0052
EPSS Percentile 40.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-400 CWE-770
Status published
Products (4)
org.xwiki.platform/xwiki-platform-oldcore 0 - 13.10.8Maven
xwiki/xwiki 14.4.3
xwiki/xwiki 14.4.4
xwiki/xwiki < 13.10.8
Published Nov 23, 2022
Tracked Since Feb 18, 2026