CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
26.5%
ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape escape interface messages on the columns
and help
keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the (editinterface)
right. Users should apply the code changes in commits 886cc6b94
, 2ef0f50880
, and 6942e8b2c
to resolve this vulnerability. There are no known workarounds for this vulnerability.
Vendor | Product | Version | CPE |
---|---|---|---|
miraheze | managewiki | * | cpe:2.3:a:miraheze:managewiki:*:*:*:*:*:*:*:* |
[
{
"vendor": "miraheze",
"product": "ManageWiki",
"versions": [
{
"version": "< 6942e8b2c01dc33c2c41a471f91ef3f6ca726073",
"status": "affected"
}
]
}
]
github.com/miraheze/ManageWiki/commit/2ef0f50880d7695ca2874dc8dd515b2b9bbb02e5
github.com/miraheze/ManageWiki/commit/6942e8b2c01dc33c2c41a471f91ef3f6ca726073
github.com/miraheze/ManageWiki/commit/886cc6b94587f1c7387caa26ca9fe612e01836a0
github.com/miraheze/ManageWiki/security/advisories/GHSA-4jr2-jhfm-2r84
issue-tracker.miraheze.org/T11812