EUVD-2024-20692

Malicious code in bioql PyPI...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via drilldown/CargoAppliedFilter.php. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious input into the artist, album, or position parameters on the...

MediaWiki Cargo Extension Cross-site Scripting vulnerability

An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php...

PT-2024-2677 · Mediawiki +2 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.14 MediaWiki versions 1.36.x through 1.39.x before 1.39.6 MediaWiki versions 1.40.x before 1.40.2 Description: An issue in the Cargo extension of MediaWiki allows for XSS attacks via the artist, album, and...