Описание
An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group--member messages can result in XSS on Special:log/rights.
A flaw was found in the Special:log/rights page in MediaWiki. Messages related to group memberships (group--member) within includes/logging/RightsLogFormatter.php are susceptible to cross-site scripting (XSS) attacks due to inadequate escape handling. This issue could enable an attacker to execute malicious scripts within the affected page, posing a risk of unauthorized code execution or other malicious activities.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | mediawiki | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
6.3 Medium
CVSS3
Связанные уязвимости
An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.
An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.
An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1. ...
An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.
EPSS
6.3 Medium
CVSS3