3 matches found
CVE-2023-37302
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...
CVE-2023-37302
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...
CVE-2023-37302
Summary (supported) : CVE-2023-37302 affects the Wikibase component of MediaWiki (sites using Wikibase with MediaWiki up to 1.39.3). The issue is a cross-site scripting (XSS) vulnerability triggered by a crafted badge title attribute, arising from insufficient escaping in SiteLinksView.php and re...