Описание
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the editinterface but not the editsitejs user right. This vulnerability is fixed in 3.3.1.
Ссылки
- Patch
- Patch
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.3.1 (исключая)
cpe:2.3:a:starcitizen.tools:citizen:*:*:*:*:*:mediawiki:*:*
EPSS
Процентиль: 7%
0.00028
Низкий
6.5 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.5
github
8 месяцев назад
Citizen skin vulnerable to stored XSS through multiple system messages
EPSS
Процентиль: 7%
0.00028
Низкий
6.5 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79