7 matches found
Debian dla-3796 : mediawiki - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3796 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3796-1 [email protected] https://www.debian.org/lts/security/...
BIT-MEDIAWIKI-2023-51704
An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group--member messages can result in XSS on Special:log/rights...
Cross Site Scripting(XSS)
mediawiki:sid is vulnerable to cross site scripting. The vulnerability due to Load Special:log/rights script by using an administrator account. it allows an attacker can change URL ends with =x-xss which leads to XSS...
CVE-2023-51704
A flaw was found in the Special:log/rights page in MediaWiki. Messages related to group memberships group--member within includes/logging/RightsLogFormatter.php are susceptible to cross-site scripting XSS attacks due to inadequate escape handling. This issue could enable an attacker to execute...
CVE-2023-51704
An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group--member messages can result in XSS on Special:log/rights...
Cross site scripting
An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group--member messages can result in XSS on Special:log/rights...
CVE-2023-51704
An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group--member messages can result in XSS on Special:log/rights...