Описание
ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape escape interface messages on the columns and help keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the (editinterface) right. Users should apply the code changes in commits 886cc6b94, 2ef0f50880, and 6942e8b2c to resolve this vulnerability. There are no known workarounds for this vulnerability.
Ссылки
- Patch
- Patch
- Patch
- Vendor Advisory
- Issue Tracking
- Patch
- Patch
- Patch
- Vendor Advisory
- Issue Tracking
Уязвимые конфигурации
Конфигурация 1Версия до 2024-02-09 (исключая)
cpe:2.3:a:miraheze:managewiki:*:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.0029
Низкий
6.5 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
EPSS
Процентиль: 52%
0.0029
Низкий
6.5 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79