2 matches found
CVE-2024-34500
CVE-2024-34500 affects MediaWiki with the UnlinkedWikibase extension prior to certain versions: 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. The issue is an XSS flaw triggered via interface messages where error text stored in the $err variable is not escaped before passing to Html::raw...
CVE-2024-34502
CVE-2024-34502 affects WikibaseLexeme in MediaWiki up to specific versions: before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. The flaw allows Special:MergeLexemes to trigger an edit merging the from-id into the to-id even when the request is not POST and lacks an edit token, effectiv...