2 matches found
CVE-2024-47781 Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki
CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS...
CreateWiki 跨站脚本漏洞
CreateWiki is an extension to the Miraheze open source. A cross-site scripting vulnerability exists in CreateWiki. An attacker exploiting this vulnerability could retrieve deleted wiki requests, which often contain sensitive information...