Lucene search

K

Veracode Vulnerability DatabaseVERACODE:36251

HistoryJul 04, 2022 - 5:59 a.m.

Cross-site Scripting (XSS)

2022-07-0405:59:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

15

mediawiki

xss

cross-site scripting

specialcontributions.php

html entities

EPSS

0.001

Percentile

48.6%

mediawiki/core is vulnerable to cross-site scriptingattacks. The library does not properly escape characters in contributions-title message in SpecialContributions.php which is used as a page title, allowing an attacker to inject and execute malicious javascript through harmful HTML entities.

References

github.com/wikimedia/mediawiki/commit/4310eae71eebd8cc6b415af14bcda0c84f497633

github.com/wikimedia/mediawiki/commit/66f9ea7e9d5d69587fc1794d0cf4b719028b3a72

lists.debian.org/debian-lts-announce/2022/09/msg00027.html

lists.fedoraproject.org/archives/list/[email protected]/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/

lists.fedoraproject.org/archives/list/[email protected]/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/

phabricator.wikimedia.org/T308473

security.gentoo.org/glsa/202305-24

www.debian.org/security/2022/dsa-5246

EPSS

0.001

Percentile

48.6%

Related for VERACODE:36251

osv4 ubuntucve1 openvas6 cvelist1 debiancve1 nvd1 prion1 redhatcve1 cve1 fedora2 debian2 nessus3 gentoo1