3 matches found
CVE-2024-25107
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the Language::date function is used when making the human-readable timestamp for inclusion on the wikicreation column. This function uses interface messages to translate the nam...
CVE-2024-25107
creationtimestamp| type| source ---|---|--- 2024-02-09 00:26:32+00:00| seen| https://t.me/ctinow/181730 2024-02-11 13:49:45+00:00| seen| https://t.me/arpsyndicate/3393 2024-03-02 17:41:40+00:00| seen| https://t.me/ctinow/198429...
CVE-2024-25107
WikiDiscover, an extension for CreateWiki, contains an XSS vulnerability in Special:WikiDiscover where Language::date uses unescaped interface messages from MONTH/DAY translations, yielding unescaped output. Exploitation requires the (editinterface) right. The issue is addressed in commit 267e763...