AI Score
Confidence
High
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. XSS can occur via formatNumNoSeparators.
gerrit.wikimedia.org/r/c/mediawiki/extensions/ProofreadPage/+/961262
phabricator.wikimedia.org/T345693