PT-2022-5002 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.35.5 and earlier, 1.36.x before 1.36.3, 1.37.x before 1.37.1 Description: The issue is related to Blind Stored XSS via a URL to the Upload Image feature. This could allow a remote attacker to conduct a cross-site scriptin...

MediaWiki VisualEditor Cross-Site Scripting Vulnerability

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. The product can be used to deploy in-house knowledge management and content management systems.VisualEditor is a rich text editor extension used in it. A cross-site...