Lucene search
K

6 matches found

OSV
OSV
added 2025/06/12 5:57 a.m.3 views

BIT-MEDIAWIKI-2024-34500

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages in the $err var are not escaped before being passed to Html::rawElement in the getError function in the...

6.1CVSS6.1AI score0.00473EPSS
Exploits0References5
OSV
OSV
added 2024/05/05 9:30 p.m.3 views

GHSA-WCX3-63MM-H8X6 MediaWiki UnlinkedWikibase Cross-site Scripting vulnerability

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.42.0. XSS can occur through an interface message. Error messages in the $err var are not escaped before being passed to Html::rawElement in the getError function in the Hooks class...

6.1CVSS5.8AI score0.00473EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/05/05 12:0 a.m.24 views

CVE-2024-34500

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages in the $err var are not escaped before being passed to Html::rawElement in the getError function in the...

5.9AI score0.00473EPSS
Exploits0References3
OSV
OSV
added 2024/05/05 12:0 a.m.4 views

CVE-2024-34500

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages in the $err var are not escaped before being passed to Html::rawElement in the getError function in the...

6.1CVSS6.1AI score0.00473EPSS
Exploits0References6
CVE
CVE
added 2024/05/05 12:0 a.m.90 views

CVE-2024-34500

CVE-2024-34500 affects MediaWiki with the UnlinkedWikibase extension prior to certain versions: 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. The issue is an XSS flaw triggered via interface messages where error text stored in the $err variable is not escaped before passing to Html::raw...

6.1CVSS6.7AI score0.00473EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/10 12:0 a.m.3 views

PT-2024-3267 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.39.6 MediaWiki versions 1.40.x prior to 1.40.2 MediaWiki versions 1.41.x prior to 1.41.1 Description: The issue is related to the UnlinkedWikibase extension in MediaWiki, where improper neutralization of input...

9.8CVSS5AI score0.00473EPSS
Exploits0References19
Rows per page
Query Builder