EUVD-2023-1786

Malicious code in bioql PyPI...

Cross-site Scripting (XSS)

mediawiki/core is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of user-input sanitization in the SiteLinksView.php which allows an attacker to inject and execute arbitrary JavaScript into the browser...

MediaWiki Cross-site Scripting vulnerability

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...

CVE-2023-37302

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...

CVE-2023-37302

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...

CVE-2023-37302

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...

CVE-2023-37302

Summary (supported) : CVE-2023-37302 affects the Wikibase component of MediaWiki (sites using Wikibase with MediaWiki up to 1.39.3). The issue is a cross-site scripting (XSS) vulnerability triggered by a crafted badge title attribute, arising from insufficient escaping in SiteLinksView.php and re...