Cross-site Scripting (XSS)

miraheze/manage-wiki is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of the columns and help keys interface messages within the form descriptor. An attacker requires the editinterface right to exploit this vulnerability...

CVE-2024-25109 Cross-Site Scripting in the extensions, settings, permissions and namespaces subpages of ManageWiki

ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape escape interface messages on the columns and help keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires...

PT-2024-20753 · Mediawiki · Managewiki

Name of the Vulnerable Software and Affected Versions: ManageWiki affected versions not specified Description: ManageWiki is a MediaWiki extension that allows users to manage wikis. The issue arises because Special:ManageWiki does not properly escape interface messages on the columns and help key...

MediaWiki cross-site scripting vulnerability (CNVD-2021-38685)

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki version 1.34.x prior...