Lucene search

K
nvd[email protected]NVD:CVE-2024-34500
HistoryMay 05, 2024 - 7:15 p.m.

CVE-2024-34500

2024-05-0519:15:07
web.nvd.nist.gov
5
unlinkedwikibase
xss
mediawiki

AI Score

6.8

Confidence

High

EPSS

0

Percentile

15.5%

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class.

AI Score

6.8

Confidence

High

EPSS

0

Percentile

15.5%