mediawiki is vulnerable to cross-site scripting (XSS). An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a tag, bypassing sanitization steps, and potentially allowing for XSS.
CPE | Name | Operator | Version |
---|---|---|---|
mediawiki:sid | eq | 1:1.35.0-1 | |
mediawiki:bullseye | eq | 1:1.35.0-1 |