Описание
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the editinterface but not the editsitejs user right. This vulnerability is fixed in 3.3.1.
Ссылки
- Patch
- Patch
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.3.1 (исключая)
cpe:2.3:a:starcitizen.tools:citizen:*:*:*:*:*:mediawiki:*:*
EPSS
Процентиль: 11%
0.00038
Низкий
6.5 Medium
CVSS3
4.8 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.5
github
8 месяцев назад
starcitizentools/citizen-skin allows stored XSS in menu heading message
EPSS
Процентиль: 11%
0.00038
Низкий
6.5 Medium
CVSS3
4.8 Medium
CVSS3
Дефекты
CWE-79