4 matches found
CVE-2025-53486
The WikiCategoryTagCloud extension is vulnerable to reflected XSS via the linkstyle attribute, which is improperly concatenated into inline HTML without escaping. An attacker can inject JavaScript event handlers such as onmouseenter using carefully crafted input via the tag:tagcloud parser...
CVE-2025-53486 WikiCategoryTagCloud: Reflected Cross-Site Scripting (XSS) via linkstyle attribute in parser function
The WikiCategoryTagCloud extension is vulnerable to reflected XSS via the linkstyle attribute, which is improperly concatenated into inline HTML without escaping. An attacker can inject JavaScript event handlers such as onmouseenter using carefully crafted input via the tag:tagcloud parser...
CVE-2025-53486 WikiCategoryTagCloud: Reflected Cross-Site Scripting (XSS) via linkstyle attribute in parser function
The WikiCategoryTagCloud extension is vulnerable to reflected XSS via the linkstyle attribute, which is improperly concatenated into inline HTML without escaping. An attacker can inject JavaScript event handlers such as onmouseenter using carefully crafted input via the tag:tagcloud parser...
PT-2025-28177 · Mediawiki · Mediawiki - Wikicategorytagcloud Extension
Name of the Vulnerable Software and Affected Versions: MediaWiki WikiCategoryTagCloud extension versions 1.39.X through 1.39.12 MediaWiki WikiCategoryTagCloud extension versions 1.42.X through 1.42.6 MediaWiki WikiCategoryTagCloud extension versions 1.43.X through 1.43.1 Description: The...