Описание
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php.
This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
A flaw was found in MediaWiki. This vulnerability is associated with the includes/Api/ApiFormatXml.Php file. An attacker with high privileges could potentially interact with this flaw.
Отчет
This vulnerability in MediaWiki allows administrators who are not interface administrators to execute JavaScript through the Action API's XSLT option. The impact is confined to the MediaWiki application, requiring an authenticated administrator account for exploitation. Red Hat deployments of MediaWiki are affected if the application is configured to allow such administrative roles.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Дополнительная информация
Статус:
EPSS
4.7 Medium
CVSS3
Связанные уязвимости
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is ...
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
EPSS
4.7 Medium
CVSS3