Описание
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).
Ссылки
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- ExploitIssue TrackingPatchVendor Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- ExploitIssue TrackingPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.39.3 (включая)
cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.0169
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
ubuntu
больше 2 лет назад
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).
EPSS
Процентиль: 82%
0.0169
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79