CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
26.5%
miraheze/manage-wiki is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the columns and help keys interface messages within the form descriptor. An attacker requires the editinterface
right to exploit this vulnerability.
github.com/miraheze/ManageWiki/commit/2ef0f50880d7695ca2874dc8dd515b2b9bbb02e5
github.com/miraheze/ManageWiki/commit/6942e8b2c01dc33c2c41a471f91ef3f6ca726073
github.com/miraheze/ManageWiki/commit/886cc6b94587f1c7387caa26ca9fe612e01836a0
github.com/miraheze/ManageWiki/security/advisories/GHSA-4jr2-jhfm-2r84
issue-tracker.miraheze.org/T11812