8 matches found
CVE-2025-25287
Lakeus is a simple skin made for MediaWiki. Starting in version 1.0.8 and prior to versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0, Lakeus is vulnerable to store cross-site scripting via malicious system messages, though editing the messages requires high privileges. Those with editinterface...
CVE-2025-25287
Lakeus is a simple skin made for MediaWiki. Starting in version 1.0.8 and prior to versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0, Lakeus is vulnerable to store cross-site scripting via malicious system messages, though editing the messages requires high privileges. Those with editinterface...
CVE-2025-25287 Lakeus vulnerable to stored XSS via system messages
Lakeus is a simple skin made for MediaWiki. Starting in version 1.0.8 and prior to versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0, Lakeus is vulnerable to store cross-site scripting via malicious system messages, though editing the messages requires high privileges. Those with editinterface...
CVE-2025-25287
CVE-2025-25287 affects the Lakeus skin for MediaWiki. The stored XSS vulnerability arises from improperly handled system messages, with exploitation possible by users having the (editinterface) right; in the case of lakeus-footermessage, all users may be affected if the server links to the reposi...
CVE-2025-25287 Lakeus vulnerable to stored XSS via system messages
Lakeus is a simple skin made for MediaWiki. Starting in version 1.0.8 and prior to versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0, Lakeus is vulnerable to store cross-site scripting via malicious system messages, though editing the messages requires high privileges. Those with editinterface...
CVE-2025-25287 Lakeus vulnerable to stored XSS via system messages
Lakeus is a simple skin made for MediaWiki. Starting in version 1.0.8 and prior to versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0, Lakeus is vulnerable to store cross-site scripting via malicious system messages, though editing the messages requires high privileges. Those with editinterface...
PT-2025-7070 · Mediawiki · Lakeus
Name of the Vulnerable Software and Affected Versions: Lakeus versions 1.8.0 through 1.3.1 Lakeus versions prior to 1.3.1+REL1.39 Lakeus versions prior to 1.3.1+REL1.42 Lakeus versions prior to 1.4.0 Description: Lakeus is a simple skin made for MediaWiki. It is vulnerable to stored cross-site...
mediawiki-skins-Lakeus 跨站脚本漏洞
mediawiki-skins-Lakeus is a MediaWiki skinning plugin by the individual developer lakejason0. A cross-site scripting vulnerability exists in mediawiki-skins-Lakeus, which originates from a stored cross-site script that can be injected via a system message...