PT-2023-25858 · Mediawiki +1 · Checkuser Extension +1
Name of the Vulnerable Software and Affected Versions: CheckUser extension for MediaWiki versions through 1.39.3 Description: An issue in the CheckUser extension for MediaWiki allows HTML injection through the User-Agent HTTP request header in Special:CheckUser when performing a "get edits" type...