CVE-2022-29252 is a medium-severity cross-site scripting (XSS) vulnerability affecting the XWiki Platform, specifically within the Wiki UI Main Wiki package responsible for managing subwikis. The vulnerability exists in the `WikiManager.JoinWiki` wiki page, particularly related to the handling of the "requestJoin" field. Starting from version 5.3-milestone-2 up to versions prior to 12.10.11, and in certain later versions (13.0 to before 13.4.7 and 13.5 to before 13.10.3), the platform fails to properly neutralize or encode script-related HTML tags in user-supplied input. This improper neutralization (CWE-80) and improper encoding or escaping of output (CWE-116) allow an attacker to inject malicious scripts that execute in the context of a victim's browser when they visit the affected wiki page. The vulnerability can lead to theft of session tokens, defacement, or redirection to malicious sites. The issue is patched in versions 12.10.11, 13.4.7, 13.10.3, and 14.0-rc-1. A workaround involves editing the `WikiManager.JoinWiki` page to sanitize the "requestJoin" field input as recommended in the GitHub Security Advisory. There are no known exploits in the wild, and exploitation does not require authentication but does require user interaction (visiting the maliciously crafted page). The vulnerability affects a widely used open-source wiki platform often deployed in enterprise and academic environments for collaboration and documentation.

For European organizations using XWiki Platform, this vulnerability poses a risk primarily to confidentiality and integrity of user sessions and data. Successful exploitation could allow attackers to execute arbitrary JavaScript in the context of authenticated users, potentially leading to session hijacking, unauthorized actions, or data leakage. This is particularly impactful for organizations relying on XWiki for internal knowledge bases, project documentation, or collaborative workflows, as it could facilitate lateral movement or data exfiltration. The availability impact is limited, as the vulnerability does not directly cause denial of service. However, reputational damage and compliance risks (e.g., GDPR) could arise if sensitive information is compromised. Since XWiki is used across various sectors including government, education, and enterprises in Europe, the threat could affect a broad range of organizations, especially those that have not updated to patched versions or applied recommended workarounds.

1. Immediate upgrade to a patched version of XWiki Platform: specifically versions 12.10.11, 13.4.7, 13.10.3, or later stable releases. 2. If immediate upgrade is not feasible, apply the recommended workaround by editing the `WikiManager.JoinWiki` page to sanitize the "requestJoin" field input as per the GitHub Security Advisory. 3. Implement Content Security Policy (CSP) headers to restrict execution of inline scripts and reduce the impact of XSS attacks. 4. Conduct a thorough audit of all custom wiki pages and macros to ensure proper input validation and output encoding practices are followed. 5. Educate users to be cautious about clicking on suspicious links or content within the wiki environment. 6. Monitor web server logs and application logs for unusual input patterns or attempts to inject scripts. 7. Employ web application firewalls (WAF) with rules targeting XSS payloads specific to XWiki patterns. 8. Regularly review and update security policies and patch management processes to ensure timely application of security updates.