Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:28384
HistoryDec 06, 2020 - 4:19 a.m.

Cross-site Scripting (XSS)

2020-12-0604:19:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
mediawiki
xss
vulnerability
unescaped messages
htmlform specifier
attacker
modify messages
raw html
ns filter
option key
security

EPSS

0.001

Percentile

49.9%

MediaWiki is vulnerable to cross-site scripting (XSS). Allowing an attacker to modify messages is include raw HTML which NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier.