Cross site scripting

2022-01-1014:11:00

PRIOn knowledge base

www.prio-n.com

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October.

References

gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/CheckUser/+/79c2c49a18f96b159258958feca90fce964c350a

phabricator.wikimedia.org/T292795