MediaWiki is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to mishandling of the 0x1b character in includes/CommentFormatter/CommentParser.php, as demonstrated by Special:RecentChanges#%1b0000000.
CPE | Name | Operator | Version |
---|---|---|---|
mediawiki:sid | eq | 1:1.35.0-1 | |
mediawiki:sid | eq | 1:1.35.0-1 |