Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:36251
HistoryJul 04, 2022 - 5:59 a.m.

Cross-site Scripting (XSS)

2022-07-0405:59:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
mediawiki
xss
cross-site scripting
specialcontributions.php
html entities

EPSS

0.001

Percentile

48.6%

mediawiki/core is vulnerable to cross-site scriptingattacks. The library does not properly escape characters in contributions-title message in SpecialContributions.php which is used as a page title, allowing an attacker to inject and execute malicious javascript through harmful HTML entities.