CVE-2022-36096: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in xwiki xwiki-platform
The XWiki Platform Index UI is an index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Prior to versions 13.10.6 and 14.3, it is possible to store JavaScript that will be executed by anyone viewing the deleted attachments index, by giving an attachment a name that contains JavaScript. This issue has been patched in XWiki 13.10.6 and 14.3. As a workaround, fix the vulnerability by editing the wiki page `XWiki.DeletedAttachments` with the object editor: open the `JavaScriptExtension` object and apply to its content the changes that can be found in the fix commit.
AI Analysis
Technical Summary
CVE-2022-36096 is a stored cross-site scripting (XSS) vulnerability in the Index UI of the XWiki Platform, a generic wiki platform. The Index UI lists all pages, attachments, orphans, and deleted pages and attachments. Prior to versions 13.10.6 and 14.3, an attacker who can upload or rename an attachment can give it a filename that contains JavaScript; once that attachment is deleted, its name is inserted into the deleted attachments index, and the script executes in the browser of anyone who views that index. The flaw is classified as CWE-79 (with CWE-80 also listed): the listing is rendered in the browser by the `JavaScriptExtension` object of the `XWiki.DeletedAttachments` page, which, before the fix, inserted the attachment name as HTML rather than as escaped text. Affected versions run from 2.2-milestone-1 up to but not including 13.10.6, and from 14.0 up to but not including 14.3; the issue is fixed in 13.10.6 and 14.3. As a workaround, administrators can edit `XWiki.DeletedAttachments` with the object editor and apply the changes from the fix commit to the `JavaScriptExtension` object. No exploitation in the wild has been reported. The preconditions are modest: the attacker needs whatever right the wiki grants for attaching files to a page (edit right on some page, which many wikis extend to all registered users and open wikis to guests) and either deletes the attachment or waits for someone else to; no authentication bypass is involved. The payload fires when a user, typically an administrator reviewing deleted content, opens the deleted attachments index, so user interaction is required but it is of the routine kind. Because the script runs with the victim's session, it can read and do whatever that user can, which covers session hijacking, credential theft and unauthorized actions within the wiki.
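The rendering defect behind the advisory, shown as an added example in plain JavaScript. This is not XWiki's code and does not reproduce the fix commit: the function names, the row layout and the sample record are assumptions made for the illustration. It contrasts a renderer that concatenates the filename into HTML with one that escapes it first, and includes a small check a tester can use to tell the two apart.

```javascript
// Added example, not XWiki's own code. The real XWiki.DeletedAttachments
// JavaScriptExtension differs; only the unsafe/safe pattern is what matters here.

// Escape the five characters that let a string change HTML structure.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Vulnerable pattern: the attachment filename goes into the markup as-is.
function renderRowUnsafe(att) {
  return '<tr><td><a href="' + att.url + '">' + att.filename + '</a></td>' +
         '<td>' + att.deleter + '</td></tr>';
}

// Hardened pattern: every untrusted value is escaped before concatenation.
function renderRowSafe(att) {
  return '<tr><td><a href="' + escapeHtml(att.url) + '">' +
         escapeHtml(att.filename) + '</a></td>' +
         '<td>' + escapeHtml(att.deleter) + '</td></tr>';
}

// Check: does the rendered HTML contain any tag the template itself does not emit?
// A foreign tag means the data was parsed as markup.
const TEMPLATE_TAGS = new Set(['tr', 'td', 'a']);
function containsForeignTag(html) {
  const found = new Set();
  for (const m of html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)) {
    const tag = m[1].toLowerCase();
    if (!TEMPLATE_TAGS.has(tag)) found.add(tag);
  }
  return [...found];
}

// Constructed sample record: a deleted attachment whose name carries a payload.
// (Hypothetical path and user; not taken from any real wiki.)
const SAMPLE = {
  filename: 'report<img src=x onerror=alert(document.cookie)>.pdf',
  url: '/xwiki/bin/view/Sandbox/WebHome',
  deleter: 'XWiki.Mallory',
};

function demo() {
  return {
    unsafeForeign: containsForeignTag(renderRowUnsafe(SAMPLE)), // ['img']
    safeForeign: containsForeignTag(renderRowSafe(SAMPLE)),     // []
    safeHtml: renderRowSafe(SAMPLE),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The same result holds for any sink that parses a string as markup (`innerHTML`, `insertAdjacentHTML`, Prototype's `update()`); building the cell with `textContent` or a DOM `createTextNode` avoids the escaping step altogether, which is the more robust choice for new code.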
Potential Impact
For European organizations using the XWiki Platform, this vulnerability poses a moderate risk, primarily to confidentiality and integrity. A script running in the browser of a user who views the deleted attachments index can read what that user can read, submit the actions that user can submit, and exfiltrate session material, so the realistic outcomes are session hijacking, disclosure of internal documentation, and unauthorized edits. Two details make this worse than a generic reflected XSS. First, the payload is stored, so it fires for every viewer until the entry is purged. Second, the deleted attachments index is a housekeeping view that is mostly opened by administrators, and an administrator's session in XWiki is powerful: it can change rights and save pages that contain server-side scripts, so a client-side bug can become the first step of a server-side compromise. Given that wikis are often used for internal documentation and knowledge sharing, compromise of user sessions or data integrity could affect operational efficiency and trust. Availability is largely unaffected, as the vulnerability does not by itself enable denial of service. The lack of known exploits in the wild lowers the immediate urgency but not the exposure: any account with the right to attach files to a page (in many wikis every registered user, in open wikis even guests) can plant the payload, and deleting the attachment is all that is needed to make it appear in the index. Wikis holding sensitive or regulated information, and deployments with slow patching cycles or little monitoring, are the most exposed.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should prioritize upgrading XWiki Platform installations to version 13.10.6 or 14.3 (or any later release), where the issue is fixed. If an immediate upgrade is not feasible, apply the documented workaround: edit the `XWiki.DeletedAttachments` page with the object editor, open its `JavaScriptExtension` object, and apply the changes from the official fix commit to its content. The workaround lives in wiki content, so confirm it is still present after any extension reinstall or content import. Because the payload is stored in attachment metadata, patching alone does not remove entries already planted: review the names of deleted attachments (and of live attachments, which become deleted-index entries when removed) for HTML metacharacters, `javascript:` URIs or event-handler strings, and purge suspicious entries from the recycle bin. Restrict the right to attach files to trusted groups; in XWiki this follows the edit right on the page, so check whether the wiki grants it to all registered users or to guests. A Content Security Policy can blunt injected inline script, but XWiki does not ship one and its interface relies heavily on inline scripts, so any policy set at the reverse proxy must be tested in a staging wiki before it is enforced; treat it as defence in depth rather than a fix. Finally, log and review attachment uploads and deletions, especially from newly registered accounts, and ask users to report odd behaviour (pop-ups, unexpected redirects) when browsing administrative views.
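An audit helper for the review step above, added here as an example; it is not part of the advisory or of XWiki. The record shape and the sample data are constructed, and the severity rule (anything with `<`, a `javascript:` URI or an event-handler string is high; a lone quote or ampersand is low) is a judgement call for this illustration, not an XWiki convention.

```javascript
// Added example: flag attachment names that would behave as markup if rendered
// without escaping. Records are assumed to look like {pageFullName, name, author};
// adapt the field names to whatever export you feed it.

const SUSPICIOUS = [
  { reason: 'html-metachar', re: /[<>"'&]/ },
  { reason: 'javascript-uri', re: /javascript\s*:/i },
  { reason: 'event-handler', re: /\bon[a-z]+\s*=/i },
  { reason: 'script-tag', re: /<\s*\/?\s*script/i },
];

// Return the list of reasons a name is suspicious (empty for a clean name).
function classifyName(name) {
  return SUSPICIOUS.filter(({ re }) => re.test(name)).map(({ reason }) => reason);
}

// Quotes and ampersands appear in legitimate filenames (O'Brien, R&D), so they
// alone rank low; a '<' or any of the script-specific reasons ranks high.
function severity(name, reasons) {
  const scriptish = reasons.some((r) => r !== 'html-metachar');
  return scriptish || name.includes('<') ? 'high' : 'low';
}

function auditAttachments(records) {
  const findings = [];
  for (const r of records) {
    const reasons = classifyName(r.name);
    if (reasons.length === 0) continue;
    findings.push({
      page: r.pageFullName,
      name: r.name,
      author: r.author,
      reasons,
      severity: severity(r.name, reasons),
    });
  }
  // Most dangerous first.
  return findings.sort((a, b) => (a.severity === b.severity ? 0 : a.severity === 'high' ? -1 : 1));
}

// Constructed sample, shaped like an export of attachment metadata (hypothetical
// pages and users).
const SAMPLE_RECORDS = [
  { pageFullName: 'Sandbox.WebHome', name: 'minutes-2022-07.pdf', author: 'XWiki.Alice' },
  { pageFullName: 'Sandbox.WebHome', name: 'logo<svg onload=alert(1)>.svg', author: 'XWiki.Mallory' },
  { pageFullName: 'Main.Downloads', name: 'readme"onmouseover="alert(2).txt', author: 'XWiki.Mallory' },
  { pageFullName: 'Main.Downloads', name: "O'Brien CV.docx", author: 'XWiki.Bob' },
];

function runAudit() {
  return auditAttachments(SAMPLE_RECORDS);
}

console.log(JSON.stringify(runAudit(), null, 2));
```

Feed it the attachment list from your own wiki (for instance an export of the attachment metadata via the REST API or a query run from a script page) and hand the high-severity hits to whoever purges the recycle bin; low-severity hits are usually benign but worth a glance, since a single quote is enough to break out of an attribute in a template that does not escape.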
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2022-07-15T00:00:00.000Z
- Cisa Enriched: true
Threat ID: 682d9844c4522896dcbf3dfb
Added to database: 5/21/2025, 9:09:24 AM
Last enriched: 6/22/2025, 10:05:38 PM
Last updated: 7/28/2025, 11:44:20 PM
Related Threats
- CVE-2025-8987: SQL Injection in SourceCodester COVID 19 Testing Management System (Medium)
- CVE-2025-8986: SQL Injection in SourceCodester COVID 19 Testing Management System (Medium)
- CVE-2025-31987: CWE-405 Asymmetric Resource Consumption in HCL Software Connections Docs (Medium)
- CVE-2025-8985: SQL Injection in SourceCodester COVID 19 Testing Management System (Medium)
- CVE-2025-8984: SQL Injection in itsourcecode Online Tour and Travel Management System (Medium)