2 matches found
CVE-2024-34500
CVE-2024-34500 affects MediaWiki with the UnlinkedWikibase extension prior to certain versions: 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. The issue is an XSS flaw triggered via interface messages where error text stored in the $err variable is not escaped before passing to Html::raw...
PT-2024-2681 · Unknown +2 · Globalblocking Extension +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.40.2 GlobalBlocking extension versions prior to 1.40.2 Description: The issue is related to the GlobalBlocking extension in MediaWiki, where improper input neutralization during web page creation can lead to...