Описание
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| cosmic | ignored | end of life |
| devel | released | 1:1.31.2-1 |
| disco | ignored | end of life |
| eoan | released | 1:1.31.2-1 |
| esm-apps/bionic | needed | |
| esm-apps/focal | released | 1:1.31.2-1 |
| esm-apps/jammy | released | 1:1.31.2-1 |
| esm-apps/noble | released | 1:1.31.2-1 |
| esm-infra-legacy/trusty | DNE |
Показывать по
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaSc ...
Уязвимость программного средства для реализации гипертекстовой среды MediaWiki, связанная с возможностью загрузки пользовательского JavaScript кода из несуществующей учетной записи, позволяющая нарушителю нарушить целостность данных
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3