Описание
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface permission, or sysops). This vulnerability is fixed in 2.16.0.
Ссылки
- Product
- Product
- Patch
- Release Notes
- ExploitVendor Advisory
- Product
- Product
- Patch
- Release Notes
- ExploitVendor Advisory
Уязвимые конфигурации
EPSS
6.5 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
Связанные уязвимости
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page `MediaWiki:Tagline` has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the `editinterface` permission, or sysops). This vulnerability is fixed in 2.16.0.
EPSS
6.5 Medium
CVSS3
5.4 Medium
CVSS3