CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
26.5%
ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape escape interface messages on the columns
and help
keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the (editinterface)
right. Users should apply the code changes in commits 886cc6b94
, 2ef0f50880
, and 6942e8b2c
to resolve this vulnerability. There are no known workarounds for this vulnerability.
Vendor | Product | Version | CPE |
---|---|---|---|
miraheze | managewiki | * | cpe:2.3:a:miraheze:managewiki:*:*:*:*:*:*:*:* |
github.com/miraheze/ManageWiki/commit/2ef0f50880d7695ca2874dc8dd515b2b9bbb02e5
github.com/miraheze/ManageWiki/commit/6942e8b2c01dc33c2c41a471f91ef3f6ca726073
github.com/miraheze/ManageWiki/commit/886cc6b94587f1c7387caa26ca9fe612e01836a0
github.com/miraheze/ManageWiki/security/advisories/GHSA-4jr2-jhfm-2r84
issue-tracker.miraheze.org/T11812