Описание
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page. This issue has been patched in version 3.4.0.
Ссылки
- Patch
- Release Notes
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.9.4 (включая) до 3.4.0 (исключая)
cpe:2.3:a:starcitizen.tools:citizen:*:*:*:*:*:mediawiki:*:*
EPSS
Процентиль: 8%
0.0003
Низкий
8.6 High
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 8.6
github
7 месяцев назад
Citizen vulnerable to Stored XSS through short descriptions
EPSS
Процентиль: 8%
0.0003
Низкий
8.6 High
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79