Описание
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by Language::userDate are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the editinterface but not the editsitejs user right. This vulnerability is fixed in 3.3.1.
Ссылки
- Patch
- Patch
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.3.1 (исключая)
cpe:2.3:a:starcitizen.tools:citizen:*:*:*:*:*:mediawiki:*:*
EPSS
Процентиль: 7%
0.00028
Низкий
6.5 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.5
github
8 месяцев назад
starcitizentools/citizen-skin allows stored XSS in user registration date message
EPSS
Процентиль: 7%
0.00028
Низкий
6.5 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79